Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- Microsoft (R) Windows Debugger Version 10.0.14321.1024 X86
- Copyright (c) Microsoft Corporation. All rights reserved.
- Auto Dump Analyzer by gardenman
- Time to debug file(s): 00 hours and 15 minutes and 23 seconds
- ============================= SYSTEM INFO ==============================
- VERSION: 1.0
- PRODUCT_NAME: MS-7A11
- MANUFACTURER: MSI
- =========================== BRIEF BIOS INFO ============================
- DATE: 07/24/2016
- VERSION: 2.50
- VENDOR: American Megatrends Inc.
- =========================== MOTHERBOARD INFO ===========================
- VERSION: 1.0
- PRODUCT: Z170A KRAIT GAMING 3X (MS-7A11)
- MANUFACTURER: MSI
- =============================== CPU INFO ===============================
- Processor Version: Intel(R) Core(TM) i7-6700K CPU @ 4.00GHz
- MICROCODE: 6,5e,3,0 (F,M,S,R) SIG: 9E'00000000 (cache) 9E'00000000 (init)
- STEPPING: 3
- MODEL: 5e
- FAMILY: 6
- VENDOR: GenuineIntel
- MHZ: 4008
- COUNT: 8
- =============================== OS INFO ================================
- BUILDOSVER: 10.0.15063.483
- BUILDLAB: WinBuild
- BUILDDATESTAMP: 160101.0800
- BUILD_TIMESTAMP: 2017-07-07 02:06:35
- EDITION: Windows 10 WinNt TerminalServer SingleUserTS Personal
- NAME: Windows 10
- PLATFORM_TYPE: x64
- SERVICEPACK: 483
- BUILD: 15063
- BUILD_VERSION: 10.0.15063.483 (WinBuild.160101.0800)
- Built by: 15063.0.amd64fre.rs2_release.170317-1834
- Product: WinNt, suite: TerminalServer SingleUserTS Personal
- If you see multiple OS versions listed above it's likely because the
- dump files were created at different times and Windows has updated to
- a new version. This is normal. The same goes for BIOS Versions/Dates.
- ========================================================================
- ==================== Dump File: 081317-33734-01.dmp ====================
- ========================================================================
- Mini Kernel Dump File: Only registers and stack trace are available
- Windows 10 Kernel Version 15063 MP (8 procs) Free x64
- Kernel base = 0xfffff800`05684000 PsLoadedModuleList = 0xfffff800`059d05e0
- Debug session time: Sun Aug 13 16:56:36.008 2017 (UTC - 4:00)
- System Uptime: 2 days 14:38:59.318
- BugCheck 50, {ffff80897c4fca4c, 0, fffff80005b54170, 2}
- Could not read faulting driver name
- Probably caused by : memory_corruption
- Followup: memory_corruption
- PAGE_FAULT_IN_NONPAGED_AREA (50)
- Invalid system memory was referenced. This cannot be protected by try-except.
- Typically the address is just plain bad or it is pointing at freed memory.
- Arguments:
- Arg1: ffff80897c4fca4c, memory referenced.
- Arg2: 0000000000000000, value 0 = read operation, 1 = write operation.
- Arg3: fffff80005b54170, If non-zero, the instruction address which referenced the bad memory
- address.
- Arg4: 0000000000000002, (reserved)
- Debugging Details:
- Could not read faulting driver name
- DUMP_CLASS: 1
- DUMP_QUALIFIER: 400
- DUMP_TYPE: 2
- READ_ADDRESS: fffff80005a65358: Unable to get MiVisibleState
- ffff80897c4fca4c
- FAULTING_IP:
- nt!PsQueryStatisticsProcess+c0
- fffff800`05b54170 4403b6ecfbffff add r14d,dword ptr [rsi-414h]
- MM_INTERNAL_CODE: 2
- CUSTOMER_CRASH_COUNT: 1
- DEFAULT_BUCKET_ID: CODE_CORRUPTION
- BUGCHECK_STR: AV
- PROCESS_NAME: Rainmeter.exe
- CURRENT_IRQL: 0
- TRAP_FRAME: ffffc50063c8f9a0 -- (.trap 0xffffc50063c8f9a0)
- NOTE: The trap frame does not contain all registers.
- Some register values may be zeroed or incorrect.
- rax=0000000000000000 rbx=0000000000000000 rcx=0000000040000000
- rdx=fffff80005a67080 rsi=0000000000000000 rdi=0000000000000000
- rip=fffff80005b54170 rsp=ffffc50063c8fb30 rbp=0000000000000001
- r8=ffffc50063c8fb38 r9=00000000000000d6 r10=ffffd80f48eada40
- r11=ffffc50063c8fbb4 r12=0000000000000000 r13=0000000000000000
- r14=0000000000000000 r15=0000000000000000
- iopl=0 nv up ei pl nz ac pe nc
- nt!PsQueryStatisticsProcess+0xc0:
- fffff800`05b54170 4403b6ecfbffff add r14d,dword ptr [rsi-414h] ds:ffffffff`fffffbec=????????
- Resetting default scope
- LAST_CONTROL_TRANSFER: from fffff80005825fb4 to fffff800057f04c0
- STACK_TEXT:
- ffffc500`63c8f708 fffff800`05825fb4 : 00000000`00000050 ffff8089`7c4fca4c 00000000`00000000 ffffc500`63c8f9a0 : nt!KeBugCheckEx
- ffffc500`63c8f710 fffff800`057112d6 : 00000000`00000000 ffff8089`7c4fca4c ffffc500`63c8f9a0 ffff8089`563660c0 : nt!MiSystemFault+0x116e84
- ffffc500`63c8f7b0 fffff800`057f9d72 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!MmAccessFault+0xae6
- ffffc500`63c8f9a0 fffff800`05b54170 : ffffc500`00000000 fffff800`00000000 00000239`00000000 00000000`00000000 : nt!KiPageFault+0x132
- ffffc500`63c8fb30 fffff800`05b53fc0 : 080a0d05`00a9ae09 ffff8089`5982b7c0 ffffd80f`48ead800 ffff8089`55b17ff0 : nt!PsQueryStatisticsProcess+0xc0
- ffffc500`63c8fb90 fffff800`05b24609 : 00000000`00026868 00000000`00000000 00000000`00000000 fffff800`059ca040 : nt!ExpCopyProcessInfo+0x270
- ffffc500`63c8fc30 fffff800`05b2ffae : 00000000`00000409 fffff800`00080cf0 00000000`00000001 00000000`00000000 : nt!ExpGetProcessInformation+0x229
- ffffc500`63c90200 fffff800`05b2f7fb : 00000000`00000000 00000102`4d87e170 00000000`00000003 00000239`93fe99a0 : nt!ExpQuerySystemInformation+0x68e
- ffffc500`63c90a40 fffff800`057fb413 : ffff8089`5982b7c0 000000af`4b0f4000 00000000`00000000 ffff8089`50ab4100 : nt!NtQuerySystemInformation+0x2b
- ffffc500`63c90a80 00007fff`72095a64 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
- 00000102`4d87e068 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007fff`72095a64
- STACK_COMMAND: kb
- CHKIMG_EXTENSION: !chkimg -lo 50 -d !nt
- fffff8000570c0ef - nt!MiGetNextPageTable+19f
- [ f6:e9 ]
- fffff8000570c122 - nt!MiGetNextPageTable+1d2 (+0x33)
- [ f6:e9 ]
- fffff800057113b0 - nt!MmAccessFault+bc0 (+0x528e)
- [ f6:e9 ]
- fffff8000571507b - nt!MiResolvePrivateZeroFault+27b (+0x3ccb)
- [ f6:e9 ]
- fffff800057150b0-fffff800057150b2 3 bytes - nt!MiResolvePrivateZeroFault+2b0 (+0x35)
- [ 40 fb f6:c0 f4 e9 ]
- fffff800057150d9 - nt!MiResolvePrivateZeroFault+2d9 (+0x29)
- [ fa:91 ]
- fffff80005715b54 - nt!MiGetPage+a4 (+0xa7b)
- [ fa:91 ]
- fffff80005715cc3 - nt!MiGetFreeOrZeroPage+73 (+0x16f)
- [ fa:91 ]
- fffff80005716558 - nt!MiCompletePrivateZeroFault+518 (+0x895)
- [ f6:e9 ]
- fffff80005716568 - nt!MiCompletePrivateZeroFault+528 (+0x10)
- [ fa:91 ]
- fffff80005825fd9 - nt!MiValidFault+1160f9 (+0x10fa71)
- [ f6:e9 ]
- fffff80005b54366 - nt!MiAllocateDriverPage+9a
- [ fa:91 ]
- fffff80005b54515 - nt!MmCreateProcessAddressSpace+17d (+0x1af)
- [ fa:91 ]
- fffff80005b5456b-fffff80005b5456f 5 bytes - nt!MmCreateProcessAddressSpace+1d3 (+0x56)
- [ d0 be 7d fb f6:30 7d fa f4 e9 ]
- fffff80005b545b4 - nt!MmCreateProcessAddressSpace+21c (+0x49)
- [ f6:e9 ]
- 21 errors : !nt (fffff8000570c0ef-fffff80005b545b4)
- MODULE_NAME: memory_corruption
- IMAGE_NAME: memory_corruption
- FOLLOWUP_NAME: memory_corruption
- DEBUG_FLR_IMAGE_TIMESTAMP: 0
- MEMORY_CORRUPTOR: LARGE
- FAILURE_BUCKET_ID: MEMORY_CORRUPTION_LARGE
- BUCKET_ID: MEMORY_CORRUPTION_LARGE
- PRIMARY_PROBLEM_CLASS: MEMORY_CORRUPTION_LARGE
- TARGET_TIME: 2017-08-13T20:56:36.000Z
- SUITE_MASK: 784
- PRODUCT_TYPE: 1
- USER_LCID: 0
- FAILURE_ID_HASH_STRING: km:memory_corruption_large
- FAILURE_ID_HASH: {e29154ac-69a4-0eb8-172a-a860f73c0a3c}
- Followup: memory_corruption
- ========================================================================
- ========================== 3RD PARTY DRIVERS ===========================
- ========================================================================
- Image path: \SystemRoot\System32\Drivers\inpoutx64.sys
- Image name: inpoutx64.sys
- Info Link : http://www.carrona.org/drivers/driver.php?id=inpoutx64.sys
- Timestamp : Fri Oct 17 2008
- Image path: \SystemRoot\system32\drivers\npf.sys
- Image name: npf.sys
- Info Link : http://www.carrona.org/drivers/driver.php?id=npf.sys
- ADA Info : NetGroup Packet Filter driver, a component of WinPCap by Riverbed
- Timestamp : Thu Feb 28 2013
- Image path: \SystemRoot\system32\DRIVERS\vbaudio_vmvaio64_win7.sys
- Image name: vbaudio_vmvaio64_win7.sys
- Info Link : http://www.carrona.org/drivers/driver.php?id=vbaudio_vmvaio64_win7.sys
- Timestamp : Mon Apr 21 2014
- Image path: \SystemRoot\system32\DRIVERS\VMNET.SYS
- Image name: VMNET.SYS
- Info Link : http://www.carrona.org/drivers/driver.php?id=VMNET.SYS
- ADA Info : VMware Network driver https://www.vmware.com/
- Timestamp : Sun Jul 27 2014
- Image path: \SystemRoot\system32\DRIVERS\vmnetadapter.sys
- Image name: vmnetadapter.sys
- Info Link : http://www.carrona.org/drivers/driver.php?id=vmnetadapter.sys
- ADA Info : VMware Virtual Network Adapter driver https://www.vmware.com/
- Timestamp : Sun Jul 27 2014
- Image path: \SystemRoot\system32\DRIVERS\vmnetbridge.sys
- Image name: vmnetbridge.sys
- Info Link : http://www.carrona.org/drivers/driver.php?id=vmnetbridge.sys
- ADA Info : VMware Bridge driver https://www.vmware.com/
- Timestamp : Sun Jul 27 2014
- Image path: \SystemRoot\system32\DRIVERS\vbaudio_cable64_win7.sys
- Image name: vbaudio_cable64_win7.sys
- Info Link : http://www.carrona.org/drivers/driver.php?id=vbaudio_cable64_win7.sys
- Timestamp : Thu Aug 14 2014
- Image path: \SystemRoot\System32\drivers\vmci.sys
- Image name: vmci.sys
- Info Link : http://www.carrona.org/drivers/driver.php?id=vmci.sys
- ADA Info : VMware PCI VMCI Bus Device https://www.vmware.com/
- Timestamp : Thu Sep 4 2014
- Image path: \SystemRoot\system32\drivers\vsock.sys
- Image name: vsock.sys
- Info Link : http://www.carrona.org/drivers/driver.php?id=vsock.sys
- ADA Info : VMware vSockets Service https://www.vmware.com/
- Timestamp : Thu Sep 4 2014
- Image path: \SystemRoot\System32\Drivers\dump_iaStorAV.sys
- Image name: dump_iaStorAV.sys
- Info Link : http://www.carrona.org/drivers/driver.php?id=dump_iaStorAV.sys
- Timestamp : Thu Feb 19 2015
- Image path: \SystemRoot\System32\drivers\iaStorAV.sys
- Image name: iaStorAV.sys
- Info Link : http://www.carrona.org/drivers/driver.php?id=iaStorAV.sys
- Timestamp : Thu Feb 19 2015
- Image path: \SystemRoot\System32\drivers\Hamdrv.sys
- Image name: Hamdrv.sys
- Info Link : http://www.carrona.org/drivers/driver.php?id=Hamdrv.sys
- ADA Info : LogMeIn Hamachi Virtual Miniport driver http://www.logmein.com/
- Timestamp : Mon Mar 30 2015
- Image path: \??\C:\WINDOWS\system32\drivers\HWiNFO64A.SYS
- Image name: HWiNFO64A.SYS
- Info Link : http://www.carrona.org/drivers/driver.php?id=HWiNFO64A.SYS
- ADA Info : HWiNFO AMD64 Kernel Driver https://www.hwinfo.com/
- Timestamp : Tue Mar 31 2015
- Image path: \SystemRoot\System32\drivers\netr28ux.sys
- Image name: netr28ux.sys
- Info Link : http://www.carrona.org/drivers/driver.php?id=netr28ux.sys
- ADA Info : Ralink Wireless Adapter Driver https://www.mediatek.com/
- Timestamp : Thu May 28 2015
- Image path: \SystemRoot\System32\drivers\tapse01.sys
- Image name: tapse01.sys
- Info Link : http://www.carrona.org/drivers/driver.php?id=tapse01.sys
- Timestamp : Thu Jun 11 2015
- Image path: \SystemRoot\SysWOW64\drivers\vstor2-mntapi20-shared.sys
- Image name: vstor2-mntapi20-shared.sys
- Info Link : http://www.carrona.org/drivers/driver.php?id=vstor2-mntapi20-shared.sys
- ADA Info : VMware vCenter Converter Standalone https://www.vmware.com/
- Timestamp : Thu Jul 9 2015
- Image path: \SystemRoot\System32\drivers\rzendpt.sys
- Image name: rzendpt.sys
- Info Link : http://www.carrona.org/drivers/driver.php?id=rzendpt.sys
- ADA Info : Razer RzEndPt driver https://www.razerzone.com/
- Timestamp : Tue Aug 11 2015
- Image path: \SystemRoot\System32\drivers\rzudd.sys
- Image name: rzudd.sys
- Info Link : http://www.carrona.org/drivers/driver.php?id=rzudd.sys
- ADA Info : Razer Rzudd Engine Driver https://www.razerzone.com/
- Timestamp : Tue Aug 11 2015
- Image path: \SystemRoot\System32\drivers\TeeDriverW8x64.sys
- Image name: TeeDriverW8x64.sys
- Info Link : http://www.carrona.org/drivers/driver.php?id=TeeDriverW8x64.sys
- ADA Info : Intel® Management Engine Interface
- Timestamp : Mon Aug 31 2015
- Image path: \??\C:\WINDOWS\system32\drivers\rzpnk.sys
- Image name: rzpnk.sys
- Info Link : http://www.carrona.org/drivers/driver.php?id=rzpnk.sys
- ADA Info : Razer Overlay Support https://www.razerzone.com/
- Timestamp : Wed Sep 16 2015
- Image path: \??\C:\WINDOWS\system32\drivers\rzpmgrk.sys
- Image name: rzpmgrk.sys
- Info Link : http://www.carrona.org/drivers/driver.php?id=rzpmgrk.sys
- ADA Info : Razer Overlay Support https://www.razerzone.com/
- Timestamp : Thu Sep 17 2015
- Image path: \SystemRoot\System32\drivers\iwdbus.sys
- Image name: iwdbus.sys
- Info Link : http://www.carrona.org/drivers/driver.php?id=iwdbus.sys
- ADA Info : Intel® WiDi Solution driver http://www.intel.com/
- Timestamp : Thu Nov 5 2015
- Image path: \SystemRoot\System32\drivers\iaLPSS2_UART2.sys
- Image name: iaLPSS2_UART2.sys
- Info Link : http://www.carrona.org/drivers/driver.php?id=iaLPSS2_UART2.sys
- Timestamp : Thu Jan 14 2016
- Image path: \SystemRoot\system32\DRIVERS\CorsairGamingAudioamd64.sys
- Image name: CorsairGamingAudioamd64.sys
- Info Link : http://www.carrona.org/drivers/driver.php?id=CorsairGamingAudioamd64.sys
- Timestamp : Mon Feb 29 2016
- Image path: \SystemRoot\System32\drivers\e1i63x64.sys
- Image name: e1i63x64.sys
- Info Link : http://www.carrona.org/drivers/driver.php?id=e1i63x64.sys
- ADA Info : Intel(R) Gigabit Adapter NDIS 6.x driver https://downloadcenter.intel.com/
- Timestamp : Fri Mar 4 2016
- Image path: \??\C:\WINDOWS\system32\drivers\hcmon.sys
- Image name: hcmon.sys
- Info Link : http://www.carrona.org/drivers/driver.php?id=hcmon.sys
- ADA Info : VMware USB monitor https://www.vmware.com/
- Timestamp : Thu Mar 10 2016
- Image path: \SystemRoot\system32\drivers\kinonivad.sys
- Image name: kinonivad.sys
- Info Link : http://www.carrona.org/drivers/driver.php?id=kinonivad.sys
- Timestamp : Thu Mar 10 2016
- Image path: \??\C:\WINDOWS\system32\drivers\vmnetuserif.sys
- Image name: vmnetuserif.sys
- Info Link : http://www.carrona.org/drivers/driver.php?id=vmnetuserif.sys
- ADA Info : VMware Network Application Interface driver https://www.vmware.com/
- Timestamp : Thu Apr 14 2016
- Image path: \??\C:\WINDOWS\system32\drivers\vmx86.sys
- Image name: vmx86.sys
- Info Link : http://www.carrona.org/drivers/driver.php?id=vmx86.sys
- ADA Info : VMware kernel driver https://www.vmware.com/
- Timestamp : Thu Apr 14 2016
- Image path: \SystemRoot\system32\DRIVERS\VBoxDrv.sys
- Image name: VBoxDrv.sys
- Info Link : http://www.carrona.org/drivers/driver.php?id=VBoxDrv.sys
- ADA Info : VirtualBox Support Driver https://www.virtualbox.org/
- Timestamp : Mon Apr 18 2016
- Image path: \SystemRoot\system32\DRIVERS\VBoxNetAdp6.sys
- Image name: VBoxNetAdp6.sys
- Info Link : http://www.carrona.org/drivers/driver.php?id=VBoxNetAdp6.sys
- ADA Info : VirtualBox NDIS 6.0 Host-Only Network Adapter Driver https://www.virtualbox.org/
- Timestamp : Mon Apr 18 2016
- Image path: \SystemRoot\system32\DRIVERS\VBoxNetLwf.sys
- Image name: VBoxNetLwf.sys
- Info Link : http://www.carrona.org/drivers/driver.php?id=VBoxNetLwf.sys
- ADA Info : VirtualBox NDIS 6.0 Lightweight Filter Driver https://www.virtualbox.org/
- Timestamp : Mon Apr 18 2016
- Image path: \SystemRoot\system32\DRIVERS\VBoxUSBMon.sys
- Image name: VBoxUSBMon.sys
- Info Link : http://www.carrona.org/drivers/driver.php?id=VBoxUSBMon.sys
- ADA Info : VirtualBox USB Monitor Driver https://www.virtualbox.org/
- Timestamp : Mon Apr 18 2016
- Image path: \SystemRoot\System32\drivers\tap0901.sys
- Image name: tap0901.sys
- Info Link : http://www.carrona.org/drivers/driver.php?id=tap0901.sys
- ADA Info : TAP-Win32 Virtual Private Network Driver 0901 (OpenVPN by OpenVPN Technologies) https://openvpn.net/
- Timestamp : Thu Apr 21 2016
- Image path: \SystemRoot\System32\drivers\tap0901t.sys
- Image name: tap0901t.sys
- Info Link : http://www.carrona.org/drivers/driver.php?id=tap0901t.sys
- Timestamp : Tue Apr 26 2016
- Image path: \SystemRoot\System32\drivers\iaLPSS2i_GPIO2.sys
- Image name: iaLPSS2i_GPIO2.sys
- Info Link : http://www.carrona.org/drivers/driver.php?id=iaLPSS2i_GPIO2.sys
- Timestamp : Mon Aug 8 2016
- Image path: \SystemRoot\System32\drivers\iaLPSS2i_I2C.sys
- Image name: iaLPSS2i_I2C.sys
- Info Link : http://www.carrona.org/drivers/driver.php?id=iaLPSS2i_I2C.sys
- Timestamp : Mon Aug 8 2016
- Image path: \SystemRoot\System32\drivers\CorsairVBusDriver.sys
- Image name: CorsairVBusDriver.sys
- Info Link : http://www.carrona.org/drivers/driver.php?id=CorsairVBusDriver.sys
- Timestamp : Thu Sep 8 2016
- Image path: \SystemRoot\System32\drivers\CorsairVHidDriver.sys
- Image name: CorsairVHidDriver.sys
- Info Link : http://www.carrona.org/drivers/driver.php?id=CorsairVHidDriver.sys
- Timestamp : Thu Sep 8 2016
- Image path: \SystemRoot\system32\drivers\nvvad64v.sys
- Image name: nvvad64v.sys
- Info Link : http://www.carrona.org/drivers/driver.php?id=nvvad64v.sys
- ADA Info : Nvidia Virtual Audio Driver http://www.nvidia.com/
- Timestamp : Mon Dec 19 2016
- Image path: \SystemRoot\System32\drivers\nvvhci.sys
- Image name: nvvhci.sys
- Info Link : http://www.carrona.org/drivers/driver.php?id=nvvhci.sys
- ADA Info : Nvidia Virtual USB Host Controller driver http://www.nvidia.com/
- Timestamp : Tue Dec 27 2016
- Image path: \??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
- Image name: MBAMSwissArmy.sys
- Info Link : http://www.carrona.org/drivers/driver.php?id=MBAMSwissArmy.sys
- ADA Info : MalwareBytes Anti-Malware system driver https://www.malwarebytes.com/
- Timestamp : Wed Mar 15 2017
- Image path: \SystemRoot\system32\drivers\nvhda64v.sys
- Image name: nvhda64v.sys
- Info Link : http://www.carrona.org/drivers/driver.php?id=nvhda64v.sys
- ADA Info : Nvidia HDMI Audio Device http://www.nvidia.com/
- Timestamp : Wed Mar 15 2017
- Image path: \SystemRoot\System32\drivers\tapwindscribe0901.sys
- Image name: tapwindscribe0901.sys
- Info Link : http://www.carrona.org/drivers/driver.php?id=tapwindscribe0901.sys
- Timestamp : Thu Mar 16 2017
- Image path: \SystemRoot\System32\DriverStore\FileRepository\nv_ref_pubwu.inf_amd64_f9309145156afb40\nvlddmkm.sys
- Image name: nvlddmkm.sys
- Info Link : http://www.carrona.org/drivers/driver.php?id=nvlddmkm.sys
- ADA Info : Nvidia Graphics Card driver http://www.nvidia.com/
- Timestamp : Mon May 1 2017
- Image path: \??\C:\WINDOWS\temp\cpuz143\cpuz143_x64.sys
- Image name: cpuz143_x64.sys
- Info Link : http://www.carrona.org/drivers/driver.php?id=cpuz143_x64.sys
- ADA Info : CPUID driver
- Timestamp : Mon May 22 2017
- Image path: \SystemRoot\system32\drivers\aswKbd.sys
- Image name: aswKbd.sys
- Info Link : http://www.carrona.org/drivers/driver.php?id=aswKbd.sys
- ADA Info : Avast Keyboard Filter driver http://www.avast.com/
- Timestamp : Mon Jun 19 2017
- Image path: \SystemRoot\system32\drivers\aswRdr2.sys
- Image name: aswRdr2.sys
- Info Link : http://www.carrona.org/drivers/driver.php?id=aswRdr2.sys
- ADA Info : Avast Antivirus http://www.avast.com/
- Timestamp : Mon Jun 19 2017
- Image path: \SystemRoot\system32\drivers\aswRvrt.sys
- Image name: aswRvrt.sys
- Info Link : http://www.carrona.org/drivers/driver.php?id=aswRvrt.sys
- ADA Info : Avast Antivirus http://www.avast.com/
- Timestamp : Mon Jun 19 2017
- Image path: \SystemRoot\system32\drivers\aswStm.sys
- Image name: aswStm.sys
- Info Link : http://www.carrona.org/drivers/driver.php?id=aswStm.sys
- ADA Info : Avast Antivirus http://www.avast.com/
- Timestamp : Mon Jun 19 2017
- Image path: \SystemRoot\system32\drivers\aswSP.sys
- Image name: aswSP.sys
- Info Link : http://www.carrona.org/drivers/driver.php?id=aswSP.sys
- ADA Info : Avast Antivirus http://www.avast.com/
- Timestamp : Thu Jun 22 2017
- Image path: \SystemRoot\system32\drivers\aswVmm.sys
- Image name: aswVmm.sys
- Info Link : http://www.carrona.org/drivers/driver.php?id=aswVmm.sys
- ADA Info : Avast Antivirus http://www.avast.com/
- Timestamp : Thu Jun 29 2017
- Image path: \SystemRoot\system32\drivers\aswbidsdrivera.sys
- Image name: aswbidsdrivera.sys
- Info Link : http://www.carrona.org/drivers/driver.php?id=aswbidsdrivera.sys
- ADA Info : Avast IDS Application Activity Monitor Driver http://www.avast.com/
- Timestamp : Tue Jul 11 2017
- Image path: \SystemRoot\system32\drivers\aswbidsha.sys
- Image name: aswbidsha.sys
- Info Link : http://www.carrona.org/drivers/driver.php?id=aswbidsha.sys
- ADA Info : Avast Antivirus http://www.avast.com/
- Timestamp : Tue Jul 11 2017
- Image path: \SystemRoot\system32\drivers\aswbloga.sys
- Image name: aswbloga.sys
- Info Link : http://www.carrona.org/drivers/driver.php?id=aswbloga.sys
- ADA Info : Avast Antivirus http://www.avast.com/
- Timestamp : Tue Jul 11 2017
- Image path: \SystemRoot\system32\drivers\aswbuniva.sys
- Image name: aswbuniva.sys
- Info Link : http://www.carrona.org/drivers/driver.php?id=aswbuniva.sys
- ADA Info : Avast Antivirus http://www.avast.com/
- Timestamp : Tue Jul 11 2017
- Image path: \SystemRoot\system32\drivers\aswMonFlt.sys
- Image name: aswMonFlt.sys
- Info Link : http://www.carrona.org/drivers/driver.php?id=aswMonFlt.sys
- ADA Info : Avast Antivirus http://www.avast.com/
- Timestamp : Thu Aug 3 2017
- Image path: \SystemRoot\system32\drivers\aswSnx.sys
- Image name: aswSnx.sys
- Info Link : http://www.carrona.org/drivers/driver.php?id=aswSnx.sys
- ADA Info : Avast Antivirus http://www.avast.com/
- Timestamp : Thu Aug 3 2017
- Image path: \??\C:\WINDOWS\system32\drivers\EasyAntiCheat.sys
- Image name: EasyAntiCheat.sys
- Info Link : http://www.carrona.org/drivers/driver.php?id=EasyAntiCheat.sys
- Timestamp : Sun Aug 13 2017
- If any of the above drivers are from Microsoft then please let me know.
- I will have them moved to the Microsoft list on the next update.
- ========================================================================
- ========================== MICROSOFT DRIVERS ===========================
- ========================================================================
- ACPI.sys ACPI Driver for NT (Microsoft)
- acpiex.sys ACPIEx Driver (Microsoft)
- acpipagr.sys ACPI Processor Aggregator Device Driver
- afd.sys Ancillary Function Driver for WinSock (Microsoft)
- AgileVpn.sys RAS Agile Vpn Miniport Call Manager
- ahcache.sys Application Compatibility Cache (Microsoft)
- BasicDisplay.sys Basic Display driver (Microsoft)
- BasicRender.sys Basic Render driver (Microsoft)
- Beep.SYS BEEP driver (Microsoft)
- BOOTVID.dll VGA Boot Driver (Microsoft)
- bowser.sys NT Lan Manager Datagram Receiver Driver (Microsoft)
- cdd.dll Canonical Display Driver (Microsoft)
- cdrom.sys SCSI CD-ROM Driver (Microsoft)
- CEA.sys Event Aggregation Kernal Mode Library (Microsoft)
- CI.dll Code Integrity Module (Microsoft)
- CLASSPNP.SYS SCSI Class System Dll (Microsoft)
- CLFS.SYS Common Log File System Driver (Microsoft)
- clipsp.sys CLIP Service (Microsoft)
- cmimcext.sys Kernal Configuration Manager Initial Con. Driver (Microsoft)
- cng.sys Kernal Cryptography, Next Generation Driver (Microsoft)
- CompositeBus.sys Multi-Transport Composite Bus Enumerator (Microsoft)
- condrv.sys Console Driver (Microsoft)
- crashdmp.sys Crash Dump Driver
- dfsc.sys DFS Namespace Client Driver (Microsoft)
- disk.sys PnP Disk Driver (Microsoft)
- drmk.sys Digital Rights Management (DRM) driver (Microsoft)
- dump_diskdump.sys Crash Dump Disk Driver
- dump_dumpfve.sys Bitlocker Drive Encryption Crashdump Filter
- dxgkrnl.sys DirectX Graphics Kernal (Microsoft)
- dxgmms2.sys DirectX Graphics MMS
- EhStorClass.sys Enhanced Storage Class driver for IEEE... (Microsoft)
- filecrypt.sys Windows sandboxing and encryption filter (Microsoft)
- fileinfo.sys FileInfo Filter Driver (Microsoft)
- FLTMGR.SYS Filesystem Filter Manager (Microsoft)
- Fs_Rec.sys File System Recognizer Driver (Microsoft)
- fvevol.sys BitLocker Driver Encryption Driver (Microsoft)
- fwpkclnt.sys FWP/IPsec Kernal-Mode API (Microsoft)
- gpuenergydrv.sys GPU Energy Kernal Driver (Microsoft)
- hal.dll Hardware Abstraction Layer DLL (Microsoft)
- HDAudBus.sys High Definition Audio Bus Driver (Microsoft)
- HdAudio.sys High Definition Audio Function Driver
- HIDCLASS.SYS Hid Class Library
- HIDPARSE.SYS Hid Parsing Library (Microsoft)
- hidusb.sys USB Miniport Driver for Input Devices (Microsoft)
- HTTP.sys HTTP Protocol Stack (Microsoft)
- intelpep.sys Intel Power Engine Plugin (Microsoft)
- intelppm.sys Processor Device Driver (Microsoft)
- iorate.sys I/O rate control Filter (Microsoft)
- kbdclass.sys Keyboard Class Driver (Microsoft)
- kbdhid.sys HID Mouse Filter Driver or HID Keyboard Filter Driver (Microsoft)
- kd.dll Local Kernal Debugger (Microsoft)
- kdnic.sys Microsoft Kernel Debugger Network Miniport (Microsoft)
- ks.sys Kernal CSA Library (Microsoft)
- ksecdd.sys Kernel Security Support Provider Interface (Microsoft)
- ksecpkg.sys Kernel Security Support Provider Interface Packages (Microsoft)
- ksthunk.sys Kernal Streaming WOW Thunk Service (Microsoft)
- lltdio.sys Link-Layer Topology Mapper I/O Driver (Microsoft)
- luafv.sys LUA File Virtualization Filter Driver (Microsoft)
- mcupdate_GenuineIntel.dll Intel Microcode Update Library (Microsoft)
- mmcss.sys MMCSS Driver (Microsoft)
- monitor.sys Monitor Driver (Microsoft)
- mouclass.sys Mouse Class Driver (Microsoft)
- mouhid.sys HID Mouse Filter Driver (Microsoft)
- mountmgr.sys Mount Point Manager (Microsoft)
- mpsdrv.sys Microsoft Protection Service Driver (Microsoft)
- mrxsmb.sys SMB MiniRedirector Wrapper and Engine (Microsoft)
- mrxsmb10.sys Longhorn SMB Downlevel SubRdr (Microsoft)
- mrxsmb20.sys Longhorn SMB 2.0 Redirector (Microsoft)
- Msfs.SYS Mailslot driver (Microsoft)
- msgpioclx.sys GPIO Class Extension Driver
- msisadrv.sys ISA Driver (Microsoft)
- mslldp.sys Microsoft Link-Layer Discovery Protocol... (Microsoft)
- msrpc.sys Kernel Remote Procedure Call Provider (Microsoft)
- mssmbios.sys System Management BIOS driver (Microsoft)
- mup.sys Multiple UNC Provider driver (Microsoft)
- ndis.sys Network Driver Interface Specification (NDIS) driver (Microsoft)
- ndistapi.sys NDIS 3.0 connection wrapper driver
- ndisuio.sys NDIS User mode I/O driver (Microsoft)
- NdisVirtualBus.sys Virtual Network Adapter Enumerator (Microsoft)
- ndiswan.sys MS PPP Framing Driver (Strong Encryption)
- NDProxy.sys NDIS Proxy
- Ndu.sys Network Data Usage Monitoring driver (Microsoft)
- netbios.sys NetBIOS Interface driver (Microsoft)
- netbt.sys MBT Transport driver (Microsoft)
- NETIO.SYS Network I/O Subsystem (Microsoft)
- Npfs.SYS NPFS driver (Microsoft)
- npsvctrig.sys Named pipe service triggers (Microsoft)
- nsiproxy.sys NSI Proxy driver (Microsoft)
- NTFS.sys NT File System Driver (Microsoft)
- ntkrnlmp.exe Windows NT operating system kernel (Microsoft)
- ntosext.sys NTOS Extension Host driver (Microsoft)
- Null.SYS NULL Driver (Microsoft)
- nwifi.sys NativeWiFi Miniport Driver (Microsoft)
- pacer.sys QoS Packet Scheduler (Microsoft)
- partmgr.sys Partition driver (Microsoft)
- pci.sys NT Plug and Play PCI Enumerator
- pcw.sys Performance Counter Driver (Microsoft)
- pdc.sys Power Dependency Coordinator Driver (Microsoft)
- peauth.sys Protected Environment Authentication and Authorization Export Driver (Microsoft)
- portcls.sys Class Driver for Port/Miniport Devices system driver (Microsoft)
- PSHED.dll Platform Specific Hardware Error driver (Microsoft)
- qwavedrv.sys Microsoft Quality Windows Audio Video Experience (qWave) Support Driver
- rasl2tp.sys RAS L2TP mini-port/call-manager driver
- raspppoe.sys RAS PPPoE mini-port/call-manager driver
- raspptp.sys Peer-to-Peer Tunneling Protocol
- rassstp.sys RAS SSTP Miniport Call Manager
- rdbss.sys Redirected Drive Buffering SubSystem driver (Microsoft)
- rdpbus.sys Microsoft RDP Bus Device driver (Microsoft)
- rdpvideominiport.sys Microsoft RDP Video Miniport driver
- rdyboost.sys ReadyBoost Driver (Microsoft)
- registry.sys Registry Container driver (Microsoft)
- rspndr.sys Link-Layer Topology Responder driver (Microsoft)
- SerCx2.sys Serial Class Extension V2
- SleepStudyHelper.sys Sleep Study Helper driver (Microsoft)
- spaceport.sys Storage Spaces driver (Microsoft)
- SpbCx.sys SPB Class Extension
- srv.sys Server driver (Microsoft)
- srv2.sys Smb 2.0 Server driver (Microsoft)
- srvnet.sys Server Network driver (Microsoft)
- storport.sys A storage port driver that is especially suitable for use with high-performance buses, such as fibre channel buses, and RAID adapters. (Microsoft)
- storqosflt.sys Storage QoS Filter driver (Microsoft)
- swenum.sys Plug and Play Software Device Enumerator (Microsoft)
- tbs.sys Export driver for kernel mode TPM API (Microsoft)
- tcpip.sys TCP/IP Protocol driver (Microsoft)
- tcpipreg.sys Microsoft Windows TCP/IP Registry Compatibility driver (Microsoft)
- TDI.SYS TDI Wrapper driver (Microsoft)
- tdx.sys NetIO Legacy TDI x-bit Support Driver (Microsoft)
- tm.sys Kernel Transaction Manager driver (Microsoft)
- TSDDD.dll Framebuffer Display Driver (Microsoft)
- ucx01000.sys USB Controller Extension
- umbus.sys User-Mode Bus Enumerator (Microsoft)
- usbaudio.sys USB Audio Class Driver (Microsoft)
- usbccgp.sys USB Common Class Generic Parent Driver (Microsoft)
- USBD.SYS Universal Serial Bus Driver (Microsoft)
- UsbHub3.sys USB3 HUB Driver
- USBXHCI.SYS USB XHCI Driver
- vdrvroot.sys Virtual Drive Root Enumerator (Microsoft)
- vmbkmclr.sys Hyper-V VMBus Root KMCL (Microsoft)
- volmgr.sys Volume Manager Driver (Microsoft)
- volmgrx.sys Volume Manager Extension Driver (Microsoft)
- volsnap.sys Volume Shadow Copy driver (Microsoft)
- volume.sys Volume driver (Microsoft)
- vwifibus.sys Virtual Wireless Bus driver (Microsoft)
- vwififlt.sys Virtual WiFi Filter Driver (Microsoft)
- wanarp.sys MS Remote Access and Routing ARP driver (Microsoft)
- watchdog.sys Watchdog driver (Microsoft)
- wcifs.sys Windows Container Isolation FS Filter driver (Microsoft)
- Wdf01000.sys Kernel Mode Driver Framework Runtime (Microsoft)
- WDFLDR.SYS Kernel Mode Driver Framework Loader (Microsoft)
- werkernel.sys Windows Error Reporting Kernel driver (Microsoft)
- wfplwfs.sys WPF NDIS Lightweight Filter driver (Microsoft)
- win32k.sys Full/Desktop Multi-User Win32 driver (Microsoft)
- win32kbase.sys Base Win32k Kernel Driver (Microsoft)
- win32kfull.sys Full/Desktop Win32k Kernel Driver (Microsoft)
- WindowsTrustedRT.sys Windows Trusted Runtime Interface driver (Microsoft)
- WindowsTrustedRTProxy.sys Windows Trusted Runtime Service Proxy driver (Microsoft)
- wmiacpi.sys Windows Management Interface for ACPI (Microsoft)
- WMILIB.SYS WMILIB WMI support library DLL (Microsoft)
- Wof.sys Windows Overlay Filter (Microsoft)
- WppRecorder.sys WPP Trace Recorder (Microsoft)
- WSDPrint.sys Web Services Print Device driver (Microsoft)
- WSDScan.sys Web Service Based Scan Device driver (Microsoft)
- WudfPf.sys Windows Driver Foundation - User-mode Driver Framework Platform driver (Microsoft)
- Unloaded modules:
- fffff800`08360000 fffff800`0836d000 WSDScan.sys
- fffff800`08350000 fffff800`0835d000 WSDPrint.sys
- fffff800`08340000 fffff800`0834d000 WSDScan.sys
- fffff800`08330000 fffff800`0833d000 WSDPrint.sys
- fffff800`08320000 fffff800`0832d000 WSDScan.sys
- fffff800`08310000 fffff800`0831d000 WSDPrint.sys
- fffff800`08300000 fffff800`0830d000 WSDScan.sys
- fffff800`082e0000 fffff800`082ed000 WSDPrint.sys
- fffff800`082d0000 fffff800`082dd000 WSDScan.sys
- fffff800`082c0000 fffff800`082cd000 WSDPrint.sys
- fffff800`082b0000 fffff800`082bd000 WSDScan.sys
- fffff800`082a0000 fffff800`082ad000 WSDPrint.sys
- fffff800`08290000 fffff800`0829d000 WSDScan.sys
- fffff800`08280000 fffff800`0828d000 WSDPrint.sys
- fffff800`08270000 fffff800`0827d000 WSDScan.sys
- fffff800`08260000 fffff800`0826d000 WSDPrint.sys
- fffff800`08250000 fffff800`0825d000 WSDScan.sys
- fffff800`08240000 fffff800`0824d000 WSDPrint.sys
- fffff800`08230000 fffff800`0823d000 WSDScan.sys
- fffff800`08220000 fffff800`0822d000 WSDPrint.sys
- fffff800`08210000 fffff800`0821d000 WSDScan.sys
- fffff800`08200000 fffff800`0820d000 WSDPrint.sys
- fffff800`081f0000 fffff800`081fd000 WSDScan.sys
- fffff800`081e0000 fffff800`081ed000 WSDPrint.sys
- fffff800`081d0000 fffff800`081dd000 WSDScan.sys
- fffff800`081c0000 fffff800`081cd000 WSDPrint.sys
- fffff800`081b0000 fffff800`081bd000 WSDScan.sys
- fffff800`081a0000 fffff800`081ad000 WSDPrint.sys
- fffff800`08190000 fffff800`0819d000 WSDScan.sys
- fffff800`08180000 fffff800`0818d000 WSDPrint.sys
- fffff800`08170000 fffff800`0817d000 WSDScan.sys
- fffff800`08160000 fffff800`0816d000 WSDPrint.sys
- fffff800`08150000 fffff800`0815d000 WSDScan.sys
- fffff800`08140000 fffff800`0814d000 WSDPrint.sys
- fffff800`08130000 fffff800`0813d000 WSDScan.sys
- fffff800`08120000 fffff800`0812d000 WSDPrint.sys
- fffff800`08110000 fffff800`0811d000 WSDScan.sys
- fffff800`080e0000 fffff800`080ed000 WSDPrint.sys
- fffff800`07f20000 fffff800`07f2d000 WSDScan.sys
- fffff800`07f10000 fffff800`07f1d000 WSDPrint.sys
- fffff800`087f0000 fffff800`087fd000 WSDScan.sys
- fffff800`08620000 fffff800`0862d000 WSDPrint.sys
- fffff800`08610000 fffff800`0861d000 WSDScan.sys
- fffff800`08600000 fffff800`0860d000 WSDPrint.sys
- fffff800`085f0000 fffff800`085fd000 WSDScan.sys
- fffff800`085e0000 fffff800`085ed000 WSDPrint.sys
- fffff800`084b0000 fffff800`084bd000 WSDScan.sys
- fffff800`084a0000 fffff800`084ad000 WSDPrint.sys
- fffff800`08490000 fffff800`0849d000 WSDScan.sys
- fffff800`08480000 fffff800`0848d000 WSDPrint.sys
- ========================================================================
- ============================== BIOS INFO ===============================
- ========================================================================
- [SMBIOS Data Tables v3.0]
- [DMI Version - 0]
- [2.0 Calling Convention - No]
- [Table Size - 4260 bytes]
- [BIOS Information (Type 0) - Length 24 - Handle 0000h]
- Vendor American Megatrends Inc.
- BIOS Version 2.50
- BIOS Starting Address Segment f000
- BIOS Release Date 07/24/2016
- BIOS ROM Size 1000000
- BIOS Characteristics
- 07: - PCI Supported
- 11: - Upgradeable FLASH BIOS
- 12: - BIOS Shadowing Supported
- 15: - CD-Boot Supported
- 16: - Selectable Boot Supported
- 17: - BIOS ROM Socketed
- 19: - EDD Supported
- 23: - 1.2MB Floppy Supported
- 24: - 720KB Floppy Supported
- 25: - 2.88MB Floppy Supported
- 26: - Print Screen Device Supported
- 27: - Keyboard Services Supported
- 28: - Serial Services Supported
- 29: - Printer Services Supported
- 32: - BIOS Vendor Reserved
- BIOS Characteristic Extensions
- 00: - ACPI Supported
- 01: - USB Legacy Supported
- 08: - BIOS Boot Specification Supported
- 10: - Specification Reserved
- 11: - Specification Reserved
- BIOS Major Revision 5
- BIOS Minor Revision 11
- EC Firmware Major Revision 255
- EC Firmware Minor Revision 255
- [System Information (Type 1) - Length 27 - Handle 0001h]
- Manufacturer MSI
- Product Name MS-7A11
- Version 1.0
- UUID 00000000-0000-0000-0000-000000000000
- Wakeup Type Power Switch
- SKUNumber Default string
- Family Default string
- [BaseBoard Information (Type 2) - Length 15 - Handle 0002h]
- Manufacturer MSI
- Product Z170A KRAIT GAMING 3X (MS-7A11)
- Version 1.0
- Feature Flags 09h
- Location Default string
- Chassis Handle 0003h
- Board Type 0ah - Processor/Memory Module
- Number of Child Handles 0
- [System Enclosure (Type 3) - Length 22 - Handle 0003h]
- Manufacturer MSI
- Chassis Type Desktop
- Version 1.0
- Bootup State Safe
- Power Supply State Safe
- Thermal State Safe
- Security Status None
- OEM Defined 0
- Height 0U
- Number of Power Cords 1
- Number of Contained Elements 0
- Contained Element Size 3
- [OEM Strings (Type 11) - Length 5 - Handle 0021h]
- Number of Strings 1
- 1 Default string
- [System Configuration Options (Type 12) - Length 5 - Handle 0022h]
- [Cache Information (Type 7) - Length 19 - Handle 003ch]
- Socket Designation L1 Cache
- Cache Configuration 0180h - WB Enabled Int NonSocketed L1
- Maximum Cache Size 0080h - 128K
- Installed Size 0080h - 128K
- Supported SRAM Type 0020h - Synchronous
- Current SRAM Type 0020h - Synchronous
- Cache Speed 0ns
- Error Correction Type ParitySingle-Bit ECC
- System Cache Type Data
- Associativity 8-way Set-Associative
- [Cache Information (Type 7) - Length 19 - Handle 003dh]
- Socket Designation L1 Cache
- Cache Configuration 0180h - WB Enabled Int NonSocketed L1
- Maximum Cache Size 0080h - 128K
- Installed Size 0080h - 128K
- Supported SRAM Type 0020h - Synchronous
- Current SRAM Type 0020h - Synchronous
- Cache Speed 0ns
- Error Correction Type ParitySingle-Bit ECC
- System Cache Type Instruction
- Associativity 8-way Set-Associative
- [Cache Information (Type 7) - Length 19 - Handle 003eh]
- Socket Designation L2 Cache
- Cache Configuration 0181h - WB Enabled Int NonSocketed L2
- Maximum Cache Size 0400h - 1024K
- Installed Size 0400h - 1024K
- Supported SRAM Type 0020h - Synchronous
- Current SRAM Type 0020h - Synchronous
- Cache Speed 0ns
- Error Correction Type Multi-Bit ECC
- System Cache Type Unified
- Associativity 4-way Set-Associative
- [Cache Information (Type 7) - Length 19 - Handle 003fh]
- Socket Designation L3 Cache
- Cache Configuration 0182h - WB Enabled Int NonSocketed L3
- Maximum Cache Size 2000h - 8192K
- Installed Size 2000h - 8192K
- Supported SRAM Type 0020h - Synchronous
- Current SRAM Type 0020h - Synchronous
- Cache Speed 0ns
- Error Correction Type Specification Reserved
- System Cache Type Unified
- Associativity 16-way Set-Associative
- [Processor Information (Type 4) - Length 48 - Handle 0040h]
- Socket Designation U3E1
- Processor Type Central Processor
- Processor Family c6h - Specification Reserved
- Processor Manufacturer Intel(R) Corporation
- Processor ID e3060500fffbebbf
- Processor Version Intel(R) Core(TM) i7-6700K CPU @ 4.00GHz
- Processor Voltage 8bh - 1.1V
- External Clock 100MHz
- Max Speed 8300MHz
- Current Speed 4000MHz
- Status Enabled Populated
- Processor Upgrade Other
- L1 Cache Handle 003dh
- L2 Cache Handle 003eh
- L3 Cache Handle 003fh
- [Physical Memory Array (Type 16) - Length 23 - Handle 0041h]
- Location 03h - SystemBoard/Motherboard
- Use 03h - System Memory
- Memory Error Correction 03h - None
- Maximum Capacity 67108864KB
- Number of Memory Devices 4
- [Memory Device (Type 17) - Length 40 - Handle 0042h]
- Physical Memory Array Handle 0041h
- Total Width 64 bits
- Data Width 64 bits
- Size 8192MB
- Form Factor 09h - DIMM
- Device Locator ChannelA-DIMM0
- Bank Locator BANK 0
- Memory Type 1ah - Specification Reserved
- Type Detail 0080h - Synchronous
- Speed 2400MHz
- Manufacturer 8502
- Part Number PSD48G24002
- [Memory Device (Type 17) - Length 40 - Handle 0043h]
- Physical Memory Array Handle 0041h
- Total Width 64 bits
- Data Width 64 bits
- Size 8192MB
- Form Factor 09h - DIMM
- Device Locator ChannelA-DIMM1
- Bank Locator BANK 1
- Memory Type 1ah - Specification Reserved
- Type Detail 0080h - Synchronous
- Speed 2400MHz
- Manufacturer 8502
- Part Number PSD48G24002
- [Memory Device (Type 17) - Length 40 - Handle 0044h]
- Physical Memory Array Handle 0041h
- Total Width 64 bits
- Data Width 64 bits
- Size 8192MB
- Form Factor 09h - DIMM
- Device Locator ChannelB-DIMM0
- Bank Locator BANK 2
- Memory Type 1ah - Specification Reserved
- Type Detail 0080h - Synchronous
- Speed 2400MHz
- Manufacturer 8502
- Part Number PSD48G24002
- [Memory Device (Type 17) - Length 40 - Handle 0045h]
- Physical Memory Array Handle 0041h
- Total Width 64 bits
- Data Width 64 bits
- Size 8192MB
- Form Factor 09h - DIMM
- Device Locator ChannelB-DIMM1
- Bank Locator BANK 3
- Memory Type 1ah - Specification Reserved
- Type Detail 0080h - Synchronous
- Speed 2400MHz
- Manufacturer 8502
- Part Number PSD48G24002
- [Memory Array Mapped Address (Type 19) - Length 31 - Handle 0046h]
- Starting Address 00000000h
- Ending Address 01ffffffh
- Memory Array Handle 0041h
- Partition Width 04
- [Memory Device Mapped Address (Type 20) - Length 35 - Handle 0047h]
- Starting Address 00000000h
- Ending Address 007fffffh
- Memory Device Handle 0042h
- Mem Array Mapped Adr Handle 0046h
- Interleave Position 01
- Interleave Data Depth 02
- [Memory Device Mapped Address (Type 20) - Length 35 - Handle 0048h]
- Starting Address 01000000h
- Ending Address 017fffffh
- Memory Device Handle 0043h
- Mem Array Mapped Adr Handle 0046h
- Interleave Position 01
- Interleave Data Depth 02
- [Memory Device Mapped Address (Type 20) - Length 35 - Handle 0049h]
- Starting Address 00800000h
- Ending Address 00ffffffh
- Memory Device Handle 0044h
- Mem Array Mapped Adr Handle 0046h
- Interleave Position 02
- Interleave Data Depth 02
- [Memory Device Mapped Address (Type 20) - Length 35 - Handle 004ah]
- Starting Address 01800000h
- Ending Address 01ffffffh
- Memory Device Handle 0045h
- Mem Array Mapped Adr Handle 0046h
- Interleave Position 02
- Interleave Data Depth 02
- ========================================================================
- ==================== Dump File: 072817-23343-01.dmp ====================
- ========================================================================
- Mini Kernel Dump File: Only registers and stack trace are available
- Windows 10 Kernel Version 15063 MP (8 procs) Free x64
- Kernel base = 0xfffff803`aec8e000 PsLoadedModuleList = 0xfffff803`aefda5e0
- Debug session time: Fri Jul 28 21:26:32.653 2017 (UTC - 4:00)
- System Uptime: 1 days 3:17:03.390
- BugCheck 1, {7ff8661a5a64, 0, ffff, ffffa980a7d87b00}
- Probably caused by : ntkrnlmp.exe ( nt!KiSystemServiceExitPico+194 )
- Followup: MachineOwner
- APC_INDEX_MISMATCH (1)
- This is a kernel internal error. The most common reason to see this
- bugcheck is when a filesystem or a driver has a mismatched number of
- calls to disable and re-enable APCs. The key data item is the
- Thread->CombinedApcDisable field. This consists of two separate 16-bit
- fields, the SpecialApcDisable and the KernelApcDisable. A negative value
- of either indicates that a driver has disabled special or normal APCs
- (respectively) without re-enabling them; a positive value indicates that
- a driver has enabled special or normal APCs (respectively) too many times.
- Arguments:
- Arg1: 00007ff8661a5a64, Address of system call function or worker routine
- Arg2: 0000000000000000, Thread->ApcStateIndex
- Arg3: 000000000000ffff, (Thread->SpecialApcDisable << 16) | Thread->KernelApcDisable
- Arg4: ffffa980a7d87b00, Call type (0 - system call, 1 - worker routine)
- Debugging Details:
- DUMP_CLASS: 1
- DUMP_QUALIFIER: 400
- DUMP_TYPE: 2
- FAULTING_IP:
- +0
- 00007ff8`661a5a64 ?? ???
- CUSTOMER_CRASH_COUNT: 1
- DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT
- BUGCHECK_STR: 0x1
- PROCESS_NAME: WmiPrvSE.exe
- CURRENT_IRQL: 0
- LAST_CONTROL_TRANSFER: from fffff803aee058a9 to fffff803aedfa4c0
- STACK_TEXT:
- ffffa980`a7d87938 fffff803`aee058a9 : 00000000`00000001 00007ff8`661a5a64 00000000`00000000 00000000`0000ffff : nt!KeBugCheckEx
- ffffa980`a7d87940 fffff803`aee057ab : 00000000`00004000 000000e0`c66fcda0 000000e0`c66fcda8 ffffffff`ffffffff : nt!KiBugCheckDispatch+0x69
- ffffa980`a7d87a80 00007ff8`661a5a64 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceExitPico+0x194
- 000000e0`c66fd258 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007ff8`661a5a64
- STACK_COMMAND: kb
- THREAD_SHA1_HASH_MOD_FUNC: 1b1fd012b2a510c586295e696f84a9476c8f91e5
- THREAD_SHA1_HASH_MOD_FUNC_OFFSET: 2f23c0fd5d286fdc1748b3b41b103ae80a3b4264
- THREAD_SHA1_HASH_MOD: 2a7ca9d3ab5386d53fea7498e1d81b9c4a4c036b
- FOLLOWUP_IP:
- nt!KiSystemServiceExitPico+194
- fffff803`aee057ab 4883ec50 sub rsp,50h
- FAULT_INSTR_CODE: 50ec8348
- SYMBOL_STACK_INDEX: 2
- SYMBOL_NAME: nt!KiSystemServiceExitPico+194
- FOLLOWUP_NAME: MachineOwner
- MODULE_NAME: nt
- IMAGE_NAME: ntkrnlmp.exe
- DEBUG_FLR_IMAGE_TIMESTAMP: 595f24eb
- IMAGE_VERSION: 10.0.15063.483
- BUCKET_ID_FUNC_OFFSET: 194
- FAILURE_BUCKET_ID: 0x1_SysCallNum_36_nt!KiSystemServiceExitPico
- BUCKET_ID: 0x1_SysCallNum_36_nt!KiSystemServiceExitPico
- PRIMARY_PROBLEM_CLASS: 0x1_SysCallNum_36_nt!KiSystemServiceExitPico
- TARGET_TIME: 2017-07-29T01:26:32.000Z
- SUITE_MASK: 784
- PRODUCT_TYPE: 1
- USER_LCID: 0
- FAILURE_ID_HASH_STRING: km:0x1_syscallnum_36_nt!kisystemserviceexitpico
- FAILURE_ID_HASH: {90837ed7-51d1-84e3-21f5-1a89def7df0c}
- Followup: MachineOwner
- ========================================================================
- ==================== Dump File: 073017-19421-01.dmp ====================
- ========================================================================
- Mini Kernel Dump File: Only registers and stack trace are available
- Windows 10 Kernel Version 15063 MP (8 procs) Free x64
- Kernel base = 0xfffff800`a1c80000 PsLoadedModuleList = 0xfffff800`a1fcc5e0
- Debug session time: Sun Jul 30 23:45:32.967 2017 (UTC - 4:00)
- System Uptime: 1 days 1:42:01.704
- BugCheck 50, {ffffac04de821a4c, 0, fffff800a2150170, 2}
- Could not read faulting driver name
- Probably caused by : memory_corruption
- Followup: memory_corruption
- PAGE_FAULT_IN_NONPAGED_AREA (50)
- Invalid system memory was referenced. This cannot be protected by try-except.
- Typically the address is just plain bad or it is pointing at freed memory.
- Arguments:
- Arg1: ffffac04de821a4c, memory referenced.
- Arg2: 0000000000000000, value 0 = read operation, 1 = write operation.
- Arg3: fffff800a2150170, If non-zero, the instruction address which referenced the bad memory
- address.
- Arg4: 0000000000000002, (reserved)
- Debugging Details:
- Could not read faulting driver name
- DUMP_CLASS: 1
- DUMP_QUALIFIER: 400
- DUMP_TYPE: 2
- READ_ADDRESS: fffff800a2061358: Unable to get MiVisibleState
- ffffac04de821a4c
- FAULTING_IP:
- nt!PsQueryStatisticsProcess+c0
- fffff800`a2150170 4403b6ecfbffff add r14d,dword ptr [rsi-414h]
- MM_INTERNAL_CODE: 2
- CUSTOMER_CRASH_COUNT: 1
- DEFAULT_BUCKET_ID: CODE_CORRUPTION
- BUGCHECK_STR: AV
- PROCESS_NAME: ENBInjector.exe
- CURRENT_IRQL: 0
- TRAP_FRAME: ffff8500116b39a0 -- (.trap 0xffff8500116b39a0)
- NOTE: The trap frame does not contain all registers.
- Some register values may be zeroed or incorrect.
- rax=0000000000000000 rbx=0000000000000000 rcx=0000000000000000
- rdx=fffff800a2063080 rsi=0000000000000000 rdi=0000000000000000
- rip=fffff800a2150170 rsp=ffff8500116b3b30 rbp=0000000000000bb7
- r8=ffff8500116b3b38 r9=00000000000002fd r10=ffffc084c8506d80
- r11=ffff8500116b3bb4 r12=0000000000000000 r13=0000000000000000
- r14=0000000000000000 r15=0000000000000000
- iopl=0 nv up ei pl nz ac po nc
- nt!PsQueryStatisticsProcess+0xc0:
- fffff800`a2150170 4403b6ecfbffff add r14d,dword ptr [rsi-414h] ds:ffffffff`fffffbec=????????
- Resetting default scope
- LAST_CONTROL_TRANSFER: from fffff800a1e21fb4 to fffff800a1dec4c0
- STACK_TEXT:
- ffff8500`116b3708 fffff800`a1e21fb4 : 00000000`00000050 ffffac04`de821a4c 00000000`00000000 ffff8500`116b39a0 : nt!KeBugCheckEx
- ffff8500`116b3710 fffff800`a1d0d2d6 : 00000000`00000000 ffffac04`de821a4c ffff8500`116b39a0 ffffac04`3c80a300 : nt!MiSystemFault+0x116e84
- ffff8500`116b37b0 fffff800`a1df5d72 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!MmAccessFault+0xae6
- ffff8500`116b39a0 fffff800`a2150170 : ffff8500`00000000 fffff800`00000000 00000000`00000000 00000000`00000000 : nt!KiPageFault+0x132
- ffff8500`116b3b30 fffff800`a214ffc0 : 08080605`0031fdbd ffffac04`353777c0 ffffc084`c8506b40 ffffac04`42e14f60 : nt!PsQueryStatisticsProcess+0xc0
- ffff8500`116b3b90 fffff800`a2120609 : 00000000`000514d0 00000000`00000000 00000000`00000001 fffff800`a1fc6040 : nt!ExpCopyProcessInfo+0x270
- ffff8500`116b3c30 fffff800`a212bfae : 00000000`00000000 ffffe880`0007c400 ffff0001`00000000 00000000`00000000 : nt!ExpGetProcessInformation+0x229
- ffff8500`116b4200 fffff800`a212b7fb : 00000000`0207fd34 00000000`0207fddc 00000000`00010000 00000000`00008000 : nt!ExpQuerySystemInformation+0x68e
- ffff8500`116b4a40 fffff800`a1df7413 : 00000000`00008000 00000000`004bea30 00000000`004bea40 ffffffff`ffffffff : nt!NtQuerySystemInformation+0x2b
- ffff8500`116b4a80 00007ffb`db865a64 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
- 00000000`004be638 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007ffb`db865a64
- STACK_COMMAND: kb
- CHKIMG_EXTENSION: !chkimg -lo 50 -d !nt
- fffff800a1d080ef - nt!MiGetNextPageTable+19f
- [ f6:e8 ]
- fffff800a1d08122 - nt!MiGetNextPageTable+1d2 (+0x33)
- [ f6:e8 ]
- fffff800a1d0d3b0 - nt!MmAccessFault+bc0 (+0x528e)
- [ f6:e8 ]
- fffff800a1d15a80-fffff800a1d15a81 2 bytes - nt!MiInsertPageInFreeOrZeroedList+20 (+0x86d0)
- [ 80 fa:00 ef ]
- fffff800a1e21fd9 - nt!MiValidFault+1160f9 (+0x10c559)
- [ f6:e8 ]
- fffff800a2150365-fffff800a2150366 2 bytes - nt!MiAllocateDriverPage+99
- [ 80 fa:00 ef ]
- fffff800a2150514-fffff800a2150515 2 bytes - nt!MmCreateProcessAddressSpace+17c (+0x1af)
- [ 80 fa:00 ef ]
- fffff800a215056b-fffff800a215056f 5 bytes - nt!MmCreateProcessAddressSpace+1d3 (+0x57)
- [ d0 be 7d fb f6:10 3d 7a f4 e8 ]
- fffff800a21505b4 - nt!MmCreateProcessAddressSpace+21c (+0x49)
- [ f6:e8 ]
- 16 errors : !nt (fffff800a1d080ef-fffff800a21505b4)
- MODULE_NAME: memory_corruption
- IMAGE_NAME: memory_corruption
- FOLLOWUP_NAME: memory_corruption
- DEBUG_FLR_IMAGE_TIMESTAMP: 0
- MEMORY_CORRUPTOR: LARGE
- FAILURE_BUCKET_ID: MEMORY_CORRUPTION_LARGE
- BUCKET_ID: MEMORY_CORRUPTION_LARGE
- PRIMARY_PROBLEM_CLASS: MEMORY_CORRUPTION_LARGE
- TARGET_TIME: 2017-07-31T03:45:32.000Z
- SUITE_MASK: 784
- PRODUCT_TYPE: 1
- USER_LCID: 0
- FAILURE_ID_HASH_STRING: km:memory_corruption_large
- FAILURE_ID_HASH: {e29154ac-69a4-0eb8-172a-a860f73c0a3c}
- Followup: memory_corruption
- ========================================================================
- ==================== Dump File: 080117-24359-01.dmp ====================
- ========================================================================
- Mini Kernel Dump File: Only registers and stack trace are available
- Windows 10 Kernel Version 15063 MP (8 procs) Free x64
- Kernel base = 0xfffff802`12c8b000 PsLoadedModuleList = 0xfffff802`12fd75e0
- Debug session time: Tue Aug 1 19:58:00.906 2017 (UTC - 4:00)
- System Uptime: 1 days 20:11:08.959
- BugCheck 50, {ffffaa012486268c, 0, fffff8021315b170, 2}
- Could not read faulting driver name
- Probably caused by : memory_corruption
- Followup: memory_corruption
- PAGE_FAULT_IN_NONPAGED_AREA (50)
- Invalid system memory was referenced. This cannot be protected by try-except.
- Typically the address is just plain bad or it is pointing at freed memory.
- Arguments:
- Arg1: ffffaa012486268c, memory referenced.
- Arg2: 0000000000000000, value 0 = read operation, 1 = write operation.
- Arg3: fffff8021315b170, If non-zero, the instruction address which referenced the bad memory
- address.
- Arg4: 0000000000000002, (reserved)
- Debugging Details:
- Could not read faulting driver name
- DUMP_CLASS: 1
- DUMP_QUALIFIER: 400
- DUMP_TYPE: 2
- READ_ADDRESS: fffff8021306c358: Unable to get MiVisibleState
- ffffaa012486268c
- FAULTING_IP:
- nt!PsQueryStatisticsProcess+c0
- fffff802`1315b170 4403b6ecfbffff add r14d,dword ptr [rsi-414h]
- MM_INTERNAL_CODE: 2
- CUSTOMER_CRASH_COUNT: 1
- DEFAULT_BUCKET_ID: CODE_CORRUPTION
- BUGCHECK_STR: AV
- PROCESS_NAME: Rainmeter.exe
- CURRENT_IRQL: 0
- TRAP_FRAME: ffff98009c1509a0 -- (.trap 0xffff98009c1509a0)
- NOTE: The trap frame does not contain all registers.
- Some register values may be zeroed or incorrect.
- rax=0000000000000000 rbx=0000000000000000 rcx=0000000000000000
- rdx=fffff8021306e080 rsi=0000000000000000 rdi=0000000000000000
- rip=fffff8021315b170 rsp=ffff98009c150b30 rbp=0000000000000646
- r8=ffff98009c150b38 r9=00000000000002fd r10=ffffc182e253b980
- r11=ffff98009c150bb4 r12=0000000000000000 r13=0000000000000000
- r14=0000000000000000 r15=0000000000000000
- iopl=0 nv up ei ng nz ac pe cy
- nt!PsQueryStatisticsProcess+0xc0:
- fffff802`1315b170 4403b6ecfbffff add r14d,dword ptr [rsi-414h] ds:ffffffff`fffffbec=????????
- Resetting default scope
- LAST_CONTROL_TRANSFER: from fffff80212e2cfb4 to fffff80212df74c0
- STACK_TEXT:
- ffff9800`9c150708 fffff802`12e2cfb4 : 00000000`00000050 ffffaa01`2486268c 00000000`00000000 ffff9800`9c1509a0 : nt!KeBugCheckEx
- ffff9800`9c150710 fffff802`12d182d6 : 00000000`00000000 ffffaa01`2486268c ffff9800`9c1509a0 ffffaa01`ed1321c0 : nt!MiSystemFault+0x116e84
- ffff9800`9c1507b0 fffff802`12e00d72 : 00000000`00020000 00000121`b47ff500 ffff9800`00020000 00000000`00000000 : nt!MmAccessFault+0xae6
- ffff9800`9c1509a0 fffff802`1315b170 : ffff9800`00000000 fffff802`00000000 000001f3`00000000 00000000`00000000 : nt!KiPageFault+0x132
- ffff9800`9c150b30 fffff802`1315afc0 : 08080605`00000da1 ffffaa01`df6c2080 ffffc182`e253b740 ffffaa01`e63d9970 : nt!PsQueryStatisticsProcess+0xc0
- ffff9800`9c150b90 fffff802`1312b609 : 00000000`00013e80 00000000`00000000 00000000`00000000 fffff802`12fd1040 : nt!ExpCopyProcessInfo+0x270
- ffff9800`9c150c30 fffff802`13136fae : 00000000`00000486 fffff802`0008cfe8 00000000`00000001 00000000`00000000 : nt!ExpGetProcessInformation+0x229
- ffff9800`9c151200 fffff802`131367fb : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!ExpQuerySystemInformation+0x68e
- ffff9800`9c151a40 fffff802`12e02413 : ffffaa01`df6c2080 00000002`8a1fb000 00000000`00000000 ffffaa01`dfeb13e0 : nt!NtQuerySystemInformation+0x2b
- ffff9800`9c151a80 00007fff`78a25a64 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
- 00000121`b47feaa8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007fff`78a25a64
- STACK_COMMAND: kb
- CHKIMG_EXTENSION: !chkimg -lo 50 -d !nt
- fffff80212d130ee-fffff80212d130ef 2 bytes - nt!MiGetNextPageTable+19e
- [ 80 f6:00 87 ]
- fffff80212d13121-fffff80212d13122 2 bytes - nt!MiGetNextPageTable+1d1 (+0x33)
- [ 80 f6:00 87 ]
- fffff80212d183af-fffff80212d183b0 2 bytes - nt!MmAccessFault+bbf (+0x528e)
- [ 80 f6:00 87 ]
- fffff80212d1d557-fffff80212d1d558 2 bytes - nt!MiCompletePrivateZeroFault+517 (+0x51a8)
- [ 80 f6:00 87 ]
- fffff80212d1d568 - nt!MiCompletePrivateZeroFault+528 (+0x11)
- [ fa:82 ]
- fffff80212e2cfd8-fffff80212e2cfd9 2 bytes - nt!MiValidFault+1160f8 (+0x10fa70)
- [ ff f6:7f 87 ]
- fffff8021315b366 - nt!MiAllocateDriverPage+9a
- [ fa:82 ]
- fffff8021315b515 - nt!MmCreateProcessAddressSpace+17d (+0x1af)
- [ fa:82 ]
- fffff8021315b56b-fffff8021315b56f 5 bytes - nt!MmCreateProcessAddressSpace+1d3 (+0x56)
- [ d0 be 7d fb f6:e0 d0 a1 43 87 ]
- fffff8021315b5b3-fffff8021315b5b4 2 bytes - nt!MmCreateProcessAddressSpace+21b (+0x48)
- [ 80 f6:00 87 ]
- 20 errors : !nt (fffff80212d130ee-fffff8021315b5b4)
- MODULE_NAME: memory_corruption
- IMAGE_NAME: memory_corruption
- FOLLOWUP_NAME: memory_corruption
- DEBUG_FLR_IMAGE_TIMESTAMP: 0
- MEMORY_CORRUPTOR: LARGE
- FAILURE_BUCKET_ID: MEMORY_CORRUPTION_LARGE
- BUCKET_ID: MEMORY_CORRUPTION_LARGE
- PRIMARY_PROBLEM_CLASS: MEMORY_CORRUPTION_LARGE
- TARGET_TIME: 2017-08-01T23:58:00.000Z
- SUITE_MASK: 784
- PRODUCT_TYPE: 1
- USER_LCID: 0
- FAILURE_ID_HASH_STRING: km:memory_corruption_large
- FAILURE_ID_HASH: {e29154ac-69a4-0eb8-172a-a860f73c0a3c}
- Followup: memory_corruption
- ========================================================================
- ==================== Dump File: 080817-36015-01.dmp ====================
- ========================================================================
- Could not open dump file [C:\Users\UserName\Desktop\Minidump\080817-36015-01.dmp], NTSTATUS 0xC000011E
- "An attempt was made to map a file of size zero with the maximum size specified as zero."
- Debuggee initialization failed, NTSTATUS 0xC000011E
- An attempt was made to map a file of size zero with the maximum size specified as zero.
- ========================================================================
- ==================== Dump File: 081017-33859-01.dmp ====================
- ========================================================================
- Mini Kernel Dump File: Only registers and stack trace are available
- Windows 10 Kernel Version 15063 MP (8 procs) Free x64
- Kernel base = 0xfffff802`72406000 PsLoadedModuleList = 0xfffff802`727525e0
- Debug session time: Thu Aug 10 03:41:35.406 2017 (UTC - 4:00)
- System Uptime: 0 days 13:46:15.253
- BugCheck 3B, {c0000005, fffff5e9eae44ba0, ffffb7006a4fcd00, 0}
- Probably caused by : memory_corruption
- Followup: memory_corruption
- SYSTEM_SERVICE_EXCEPTION (3b)
- An exception happened while executing a system service routine.
- Arguments:
- Arg1: 00000000c0000005, Exception code that caused the bugcheck
- Arg2: fffff5e9eae44ba0, Address of the instruction which caused the bugcheck
- Arg3: ffffb7006a4fcd00, Address of the context record for the exception that caused the bugcheck
- Arg4: 0000000000000000, zero.
- Debugging Details:
- DUMP_CLASS: 1
- DUMP_QUALIFIER: 400
- DUMP_TYPE: 2
- EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%p referenced memory at 0x%p. The memory could not be %s.
- FAULTING_IP:
- win32kfull!xxxWindowEvent+270
- fffff5e9`eae44ba0 8b4b28 mov ecx,dword ptr [rbx+28h]
- CONTEXT: ffffb7006a4fcd00 -- (.cxr 0xffffb7006a4fcd00)
- rax=0000000000003ee8 rbx=0000000000000198 rcx=0000000000000020
- rdx=000000000000000d rsi=000000000000800b rdi=0000000000000198
- rip=fffff5e9eae44ba0 rsp=ffffb7006a4fd6f0 rbp=0000000000000001
- r8=0000000000000000 r9=0000000000000000 r10=fffff5a540887cb0
- r11=ffffb7006a4fd6a0 r12=fffff5a544eb6010 r13=0000000000000000
- r14=fffff5a544eb6010 r15=fffff5a540887cb0
- iopl=0 nv up ei pl nz na pe nc
- cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010202
- win32kfull!xxxWindowEvent+0x270:
- fffff5e9`eae44ba0 8b4b28 mov ecx,dword ptr [rbx+28h] ds:002b:00000000`000001c0=????????
- Resetting default scope
- CUSTOMER_CRASH_COUNT: 1
- DEFAULT_BUCKET_ID: CODE_CORRUPTION
- BUGCHECK_STR: 0x3B
- PROCESS_NAME: Rainmeter.exe
- CURRENT_IRQL: 0
- LAST_CONTROL_TRANSFER: from fffff5e9eaedb0dd to fffff5e9eae44ba0
- STACK_TEXT:
- ffffb700`6a4fd6f0 fffff5e9`eaedb0dd : fffff5a5`40887cb0 00000000`00000001 fffff5a5`00000000 00000000`00000000 : win32kfull!xxxWindowEvent+0x270
- ffffb700`6a4fd7d0 fffff5e9`eaedadb0 : fffff5a5`00000000 00000000`00000000 fffff5a5`40800760 ffffb700`6a4fdb00 : win32kfull!zzzUpdateLayeredWindow+0x1dd
- ffffb700`6a4fd890 fffff802`7257d413 : 00000000`00000000 fffff5a5`40179010 00000000`00000000 00000000`0085000f : win32kfull!NtUserUpdateLayeredWindow+0x310
- ffffb700`6a4fda10 00007fff`6d6d9c04 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
- 0000001d`1a5ff338 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007fff`6d6d9c04
- CHKIMG_EXTENSION: !chkimg -lo 50 -d !nt
- fffff80272493d27-fffff80272493d28 2 bytes - nt!MiResolvePageTablePage+3b7
- [ ff f6:7f 80 ]
- fffff80272493d48-fffff80272493d4c 5 bytes - nt!MiResolvePageTablePage+3d8 (+0x21)
- [ df be 7d fb f6:0f 10 20 40 80 ]
- 7 errors : !nt (fffff80272493d27-fffff80272493d4c)
- MODULE_NAME: memory_corruption
- IMAGE_NAME: memory_corruption
- FOLLOWUP_NAME: memory_corruption
- DEBUG_FLR_IMAGE_TIMESTAMP: 0
- MEMORY_CORRUPTOR: LARGE
- STACK_COMMAND: .cxr 0xffffb7006a4fcd00 ; kb
- FAILURE_BUCKET_ID: MEMORY_CORRUPTION_LARGE
- BUCKET_ID: MEMORY_CORRUPTION_LARGE
- PRIMARY_PROBLEM_CLASS: MEMORY_CORRUPTION_LARGE
- TARGET_TIME: 2017-08-10T07:41:35.000Z
- SUITE_MASK: 784
- PRODUCT_TYPE: 1
- USER_LCID: 0
- FAILURE_ID_HASH_STRING: km:memory_corruption_large
- FAILURE_ID_HASH: {e29154ac-69a4-0eb8-172a-a860f73c0a3c}
- Followup: memory_corruption
- ========================================================================
- ==================== Dump File: 081117-27484-01.dmp ====================
- ========================================================================
- Mini Kernel Dump File: Only registers and stack trace are available
- Windows 10 Kernel Version 15063 MP (8 procs) Free x64
- Kernel base = 0xfffff800`2dc0b000 PsLoadedModuleList = 0xfffff800`2df575e0
- Debug session time: Fri Aug 11 02:16:08.557 2017 (UTC - 4:00)
- System Uptime: 0 days 8:54:00.295
- BugCheck 1A, {41201, ffffb180e1c4fd40, 81000001fbb38867, ffff8000cbf1cca0}
- *** WARNING: Unable to verify timestamp for aswSnx.sys
- *** ERROR: Module load completed but symbols could not be loaded for aswSnx.sys
- Probably caused by : aswSnx.sys ( aswSnx+2ca7c )
- Followup: MachineOwner
- MEMORY_MANAGEMENT (1a)
- # Any other values for parameter 1 must be individually examined.
- Arguments:
- Arg1: 0000000000041201, The subtype of the bugcheck.
- Arg2: ffffb180e1c4fd40
- Arg3: 81000001fbb38867
- Arg4: ffff8000cbf1cca0
- Debugging Details:
- DUMP_CLASS: 1
- DUMP_QUALIFIER: 400
- DUMP_TYPE: 2
- BUGCHECK_STR: 0x1a_41201
- CUSTOMER_CRASH_COUNT: 1
- DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT
- PROCESS_NAME: dwm.exe
- CURRENT_IRQL: 2
- LAST_CONTROL_TRANSFER: from fffff8002ddab64f to fffff8002dd774c0
- STACK_TEXT:
- ffffa001`88572658 fffff800`2ddab64f : 00000000`0000001a 00000000`00041201 ffffb180`e1c4fd40 81000001`fbb38867 : nt!KeBugCheckEx
- ffffa001`88572660 fffff800`2dc92ae3 : ffffb180`e1c4fd40 00000000`00001000 81000001`fbb38867 00000000`00000000 : nt!MiGetPageProtection+0x1183bf
- ffffa001`885726b0 fffff800`2dc9263e : 000001c3`00000000 ffff8000`cc6c8300 00000000`00000000 ffff8000`c85c2cc0 : nt!MiQueryAddressState+0x2b3
- ffffa001`88572740 fffff800`2e09801f : 00000000`00000004 00000000`00000001 00000000`00000004 000001c3`89fa8000 : nt!MiQueryAddressSpan+0x12e
- ffffa001`885727f0 fffff800`2e0978c1 : ffff8000`c3afe328 fffff802`32c9ae1e 00000000`00000000 ffffa001`88572b00 : nt!MmQueryVirtualMemory+0x74f
- ffffa001`88572950 fffff802`32c8ca7c : ffff8000`c87ce080 ffffa001`88572b00 00000000`00000000 00000000`00000000 : nt!NtQueryVirtualMemory+0x25
- ffffa001`885729a0 ffff8000`c87ce080 : ffffa001`88572b00 00000000`00000000 00000000`00000000 00000000`00000030 : aswSnx+0x2ca7c
- ffffa001`885729a8 ffffa001`88572b00 : 00000000`00000000 00000000`00000000 00000000`00000030 00000000`00000000 : 0xffff8000`c87ce080
- ffffa001`885729b0 00000000`00000000 : 00000000`00000000 00000000`00000030 00000000`00000000 00000000`00000000 : 0xffffa001`88572b00
- STACK_COMMAND: kb
- THREAD_SHA1_HASH_MOD_FUNC: 8b8df3644f2ba866ecd34dd933e861ec071165b8
- THREAD_SHA1_HASH_MOD_FUNC_OFFSET: b40b641fae2e02c51751f917db202ac63bf375bf
- THREAD_SHA1_HASH_MOD: 294208b26ea2bd053b3c7521e0b25fbf7190b739
- FOLLOWUP_IP:
- aswSnx+2ca7c
- fffff802`32c8ca7c 448be0 mov r12d,eax
- FAULT_INSTR_CODE: 48e08b44
- SYMBOL_STACK_INDEX: 6
- SYMBOL_NAME: aswSnx+2ca7c
- FOLLOWUP_NAME: MachineOwner
- MODULE_NAME: aswSnx
- IMAGE_NAME: aswSnx.sys
- DEBUG_FLR_IMAGE_TIMESTAMP: 598357b2
- BUCKET_ID_FUNC_OFFSET: 2ca7c
- FAILURE_BUCKET_ID: 0x1a_41201_aswSnx!unknown_function
- BUCKET_ID: 0x1a_41201_aswSnx!unknown_function
- PRIMARY_PROBLEM_CLASS: 0x1a_41201_aswSnx!unknown_function
- TARGET_TIME: 2017-08-11T06:16:08.000Z
- SUITE_MASK: 784
- PRODUCT_TYPE: 1
- USER_LCID: 0
- FAILURE_ID_HASH_STRING: km:0x1a_41201_aswsnx!unknown_function
- FAILURE_ID_HASH: {97b71e72-b2e8-594a-4626-a4f1ce1dbb06}
- Followup: MachineOwner
- ========================================================================
- ==================== Dump File: 081317-29906-01.dmp ====================
- ========================================================================
- Could not open dump file [C:\Users\UserName\Desktop\Minidump\081317-29906-01.dmp], NTSTATUS 0xC000011E
- "An attempt was made to map a file of size zero with the maximum size specified as zero."
- Debuggee initialization failed, NTSTATUS 0xC000011E
- An attempt was made to map a file of size zero with the maximum size specified as zero.
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement