BSOD only when playing a specific game - Windows 7 x64

Branchez · Jan 9, 2015

Hello everyone,

Few days ago I started getting BSODs while playing a game (ArmA 2 Dayz Overpoch mod). It only happens in the game and only when I actually start playing (so not in main menu etc.)

From very limited information I have, BSOD is most of the time caused by overheating and/or if I have bad drivers/hardware. So I checked the temperatures and all was fine. I also checked the drivers but I new they are up to date as less than a month ago I did a clean reinstall of win 7. I also tried reinstalling the game but it didn't help. I thought to use sfc /scannow to check if system is all right and all is fine. I also did a complete virus scan (even tho I haven't had problems with viruses for years and years of my gaming experience). And this happens only when playing this mod. I tried playing vanilla game and it worked fine. Same goes for other games. Also, I did mdsched.exe, chkdsk /f /r and like I said sfc /scannow. I also tried a system restore to a point where I am sure everything worked fine but didn't help eiter. I used BlueScreenView to check and this is what I found:

==================================================Dump File : 010915-15802-01.dmp
Crash Time : 9.1.2015 2:22:11
Bug Check String : PAGE_FAULT_IN_NONPAGED_AREA
Bug Check Code : 0x00000050
Parameter 1 : 0xabe0bffe
Parameter 2 : 0x00000000
Parameter 3 : 0x82c415c5
Parameter 4 : 0x00000000
Caused By Driver : ntkrnlpa.exe
Caused By Address : ntkrnlpa.exe+8d879
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7601.18409 (win7sp1_gdr.140303-2144)
Processor : 32-bit
Crash Address : ntkrnlpa.exe+8d879
Stack Address 1 : ntkrnlpa.exe+40aa8
Stack Address 2 : ntkrnlpa.exe+2b5c5
Stack Address 3 : BEDaisy.sys+164ed
Computer Name :
Full Path : C:\Windows\Minidump\010915-15802-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 7601
Dump File Size : 144.000
Dump File Time : 9.1.2015 2:23:19
==================================================

So I googled ntkrnlpa.exe but I couldn't find the same case I had. So that's why I decided to ask you guys for help. I have attached these .zip files as requested.

And now for the information about my PC:

· OS - Windows 7· x86 (32-bit)
· What was original installed OS on system? Linux
· Is the OS an OEM version (came pre-installed on system) or full retail version (YOU purchased it from retailer)? No I got it changed at the place I bought my PC.
· Age of system (hardware) 3.5 years
· Age of OS installation - have you re-installed the OS? Yes, reinstalled windows 7 maybe a month ago.

· CPU - 2.8 GHz AMD Phenom II Dual-Core Processor N620
· Video Card - ATI Mobility Radeon HD 5470 Graphics (switchable)
· MotherBoard - Laptop
· Power Supply - Laptop

· System Manufacturer - HP
· Exact model number - G62-b50EM

· Laptop or Desktop? Laptop HP G62-b50EM

What am I to do now? Any help would be appreciated. Thank you in advance

Branchez

Branchez · Jan 9, 2015

And I forgot to mention, in the report you will see that I don't have AV installed atm, because I am in the process of changing the one I use.

jcgriff2 · Jan 9, 2015

Hi. . .

The problem child is BattlEye\BEDaisy.sys

It is a brand new driver - just released yesterday -

Code:

BEDaisy.sys  Thu [COLOR=#ff0000]Jan 08 [/COLOR]12:47:39 [COLOR=#ff0000]2015 [/COLOR](54AEC2BB)

Run Driver Verifier - see if it flags bedaisy.sys

https://www.sysnative.com/forums/bs...ted-windows-10-8-1-8-7-and-windows-vista.html

Select only the BEDaisy.sys driver - no others.

I'm asking you to do this to try and give you ammunition to go back to the game manufacturer. BEDaisy.sys should be able to pass all of the Driver Verifier checks.

There is not much we can help you with unfortunately. It will be up to the driver developers that wrote BEDaisy.sys.

Regards. . .

jcgriff2

Code:

Microsoft (R) Windows Debugger Version 6.3.9600.16384 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Users\PalmDesert\AppData\Local\Temp\Temp4_SysnativeFileCollectionApp.zip\010915-14024-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available


************* Symbol Path validation summary **************
Response                         Time (ms)     Location
Deferred                                       SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is: 
Windows 7 Kernel Version 7601 (Service Pack 1) MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.18409.x86fre.win7sp1_gdr.140303-2144
Machine Name:
Kernel base = 0x82c1a000 PsLoadedModuleList = 0x82d635b0
Debug session time: Fri Jan  9 12:08:12.455 2015 (UTC - 5:00)
System Uptime: 0 days 0:30:38.001
Loading Kernel Symbols
...............................................................
................................................................
......................................................
Loading User Symbols
Loading unloaded module list
..............................
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 50, {a4f86ffe, 0, 82c455c5, 0}

Unable to load image \??\C:\Program Files\Common Files\BattlEye\BEDaisy.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for BEDaisy.sys
*** ERROR: Module load completed but symbols could not be loaded for BEDaisy.sys
Processing initial command '!analyze -v;r;kv;lmtn;lmtsmn;.bugcheck'
Probably caused by : BEDaisy.sys ( BEDaisy+164ed )

Followup: MachineOwner
---------

1: kd> !analyze -v;r;kv;lmtn;lmtsmn;.bugcheck
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

PAGE_FAULT_IN_NONPAGED_AREA (50)
Invalid system memory was referenced.  This cannot be protected by try-except,
it must be protected by a Probe.  Typically the address is just plain bad or it
is pointing at freed memory.
Arguments:
Arg1: a4f86ffe, memory referenced.
Arg2: 00000000, value 0 = read operation, 1 = write operation.
Arg3: 82c455c5, If non-zero, the instruction address which referenced the bad memory
	address.
Arg4: 00000000, (reserved)

Debugging Details:
------------------


OVERLAPPED_MODULE: Address regions for 'BEDaisy' and 'BEDaisy.sys' overlap

READ_ADDRESS: GetPointerFromAddress: unable to read from 82d8384c
Unable to read MiSystemVaType memory at 82d62f00
 a4f86ffe 

FAULTING_IP: 
nt!_wcsnicmp+13
82c455c5 0fb702          movzx   eax,word ptr [edx]

MM_INTERNAL_CODE:  0

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  WIN7_DRIVER_FAULT

BUGCHECK_STR:  0x50

PROCESS_NAME:  ArmA2OA.exe

CURRENT_IRQL:  0

ANALYSIS_VERSION: 6.3.9600.16384 (debuggers(dbg).130821-1623) amd64fre

TRAP_FRAME:  8edf25ac -- (.trap 0xffffffff8edf25ac)
ErrCode = 00000000
eax=00000000 ebx=82c455b2 ecx=00000200 edx=a4f86ffe esi=8edf2874 edi=fffffff6
eip=82c455c5 esp=8edf2620 ebp=8edf2624 iopl=0         nv up ei pl nz na po nc
cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00010202
nt!_wcsnicmp+0x13:
82c455c5 0fb702          movzx   eax,word ptr [edx]       ds:0023:a4f86ffe=????
Resetting default scope

LAST_CONTROL_TRANSFER:  from 82c5aaa8 to 82ca7879

STACK_TEXT:  
8edf2594 82c5aaa8 00000000 a4f86ffe 00000000 nt!MmAccessFault+0x104
8edf2594 82c455c5 00000000 a4f86ffe 00000000 nt!KiTrap0E+0xdc
8edf2624 9f2194ed a4f86ffe 8edf2874 00000007 nt!_wcsnicmp+0x13
WARNING: Stack unwind information not available. Following frames may be wrong.
8edf28a4 883b8aeb 85e75e88 8edf28c4 8edf28f0 BEDaisy+0x164ed
8edf2910 883bbc77 8edf2928 8edf29cc 8edf2988 fltmgr!FltpPerformPreCallbacks+0x34d
8edf2940 82cac273 8edf2988 8edf29d4 855e2218 fltmgr!FltpPreFsFilterOperation+0xab
8edf2964 82e4c201 00000001 00000001 8edf2abb nt!FsFilterPerformCallbacks+0xa4
8edf2ac0 82e3eb7c 84f03420 00000010 00000000 nt!FsRtlAcquireFileExclusiveCommon+0x10a
8edf2be0 82e3e2bb 8edf2c34 0000000f 00000000 nt!MmCreateSection+0x384
8edf2d10 82c578c6 0191f99c 0000000f 00000000 nt!NtCreateSection+0x16e
8edf2d10 0655a000 0191f99c 0000000f 00000000 nt!KiSystemServicePostCall
00002000 00000000 00000000 00000000 00000000 0x655a000


STACK_COMMAND:  kb

FOLLOWUP_IP: 
BEDaisy+164ed
9f2194ed ??              ???

SYMBOL_STACK_INDEX:  3

SYMBOL_NAME:  BEDaisy+164ed

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: BEDaisy

IMAGE_NAME:  BEDaisy.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  54aec2bb

FAILURE_BUCKET_ID:  0x50_BEDaisy+164ed

BUCKET_ID:  0x50_BEDaisy+164ed

ANALYSIS_SOURCE:  KM

FAILURE_ID_HASH_STRING:  km:0x50_bedaisy+164ed

FAILURE_ID_HASH:  {4cecb8d5-5808-7679-e8b7-7b8f371e2978}

Followup: MachineOwner
---------

eax=82d51f84 ebx=85425d00 ecx=00000016 edx=00000000 esi=807c4120 edi=00000000
eip=82ca7879 esp=8edf2518 ebp=8edf2594 iopl=0         nv up ei pl nz na pe nc
cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00000206
nt!MmAccessFault+0x104:
82ca7879 cc              int     3
ChildEBP RetAddr  Args to Child              
8edf2594 82c5aaa8 00000000 a4f86ffe 00000000 nt!MmAccessFault+0x104
8edf2594 82c455c5 00000000 a4f86ffe 00000000 nt!KiTrap0E+0xdc (FPO: [0,0] TrapFrame @ 8edf25ac)
8edf2624 9f2194ed a4f86ffe 8edf2874 00000007 nt!_wcsnicmp+0x13 (FPO: [Non-Fpo])
WARNING: Stack unwind information not available. Following frames may be wrong.
8edf28a4 883b8aeb 85e75e88 8edf28c4 8edf28f0 BEDaisy+0x164ed
8edf2910 883bbc77 8edf2928 8edf29cc 8edf2988 fltmgr!FltpPerformPreCallbacks+0x34d (FPO: [Non-Fpo])
8edf2940 82cac273 8edf2988 8edf29d4 855e2218 fltmgr!FltpPreFsFilterOperation+0xab (FPO: [Non-Fpo])
8edf2964 82e4c201 00000001 00000001 8edf2abb nt!FsFilterPerformCallbacks+0xa4
8edf2ac0 82e3eb7c 84f03420 00000010 00000000 nt!FsRtlAcquireFileExclusiveCommon+0x10a
8edf2be0 82e3e2bb 8edf2c34 0000000f 00000000 nt!MmCreateSection+0x384
8edf2d10 82c578c6 0191f99c 0000000f 00000000 nt!NtCreateSection+0x16e
8edf2d10 0655a000 0191f99c 0000000f 00000000 nt!KiSystemServicePostCall (FPO: [0,3] TrapFrame-EDITED @ 8edf2d10)
00002000 00000000 00000000 00000000 00000000 0x655a000
start    end        module name
80bbc000 80bc4000   kdcom    kdcom.dll    Mon Jul 13 21:08:58 2009 (4A5BDAAA)
82c1a000 8302d000   nt       ntkrpamp.exe Tue Mar 04 03:19:27 2014 (53158C8F)
8302d000 83064000   hal      halmacpi.dll Sat Nov 20 03:37:38 2010 (4CE788D2)
83200000 83208000   msisadrv msisadrv.sys Mon Jul 13 19:11:09 2009 (4A5BBF0D)
8320c000 83217000   mcupdate_AuthenticAMD mcupdate_AuthenticAMD.dll Mon Jul 13 19:13:13 2009 (4A5BBF89)
83217000 83228000   PSHED    PSHED.dll    Mon Jul 13 21:09:36 2009 (4A5BDAD0)
83228000 83230000   BOOTVID  BOOTVID.dll  Mon Jul 13 21:04:34 2009 (4A5BD9A2)
83230000 83272000   CLFS     CLFS.SYS     Mon Jul 13 19:11:10 2009 (4A5BBF0E)
83272000 8331d000   CI       CI.dll       Sat Nov 20 07:05:17 2010 (4CE7B97D)
8331d000 8339e000   Wdf01000 Wdf01000.sys Fri Jun 21 22:29:37 2013 (51C50C11)
8339e000 833ac000   WDFLDR   WDFLDR.SYS   Wed Jul 25 22:36:38 2012 (5010AD36)
833ac000 833f4000   ACPI     ACPI.sys     Sat Nov 20 03:37:52 2010 (4CE788E0)
833f4000 833fd000   WMILIB   WMILIB.SYS   Mon Jul 13 19:11:22 2009 (4A5BBF1A)
88200000 8822b000   BAPIDRV  BAPIDRV.sys  Mon Apr 14 02:34:43 2014 (534B8183)
8822d000 88257000   pci      pci.sys      Sat Nov 20 03:37:57 2010 (4CE788E5)
88257000 88262000   vdrvroot vdrvroot.sys Mon Jul 13 19:46:19 2009 (4A5BC74B)
88262000 8826d400   Hookport Hookport.sys Mon Apr 21 09:20:41 2014 (53551B29)
8826e000 8827f000   partmgr  partmgr.sys  Sat Mar 17 01:03:08 2012 (4F641B0C)
8827f000 88287000   compbatt compbatt.sys Mon Jul 13 19:19:18 2009 (4A5BC0F6)
88287000 88292000   BATTC    BATTC.SYS    Mon Jul 13 19:19:15 2009 (4A5BC0F3)
88292000 882a2000   volmgr   volmgr.sys   Sat Nov 20 03:38:06 2010 (4CE788EE)
882a2000 882ed000   volmgrx  volmgrx.sys  unavailable (00000000)
882ed000 88303000   mountmgr mountmgr.sys Sat Nov 20 03:38:09 2010 (4CE788F1)
88303000 8830c000   atapi    atapi.sys    Mon Jul 13 19:11:15 2009 (4A5BBF13)
8830c000 8832f000   ataport  ataport.SYS  Sun Aug 04 20:46:59 2013 (51FEF603)
8832f000 88339000   msahci   msahci.sys   Sat Nov 20 04:50:48 2010 (4CE799F8)
88339000 88347000   PCIIDEX  PCIIDEX.SYS  Mon Jul 13 19:11:15 2009 (4A5BBF13)
88347000 8835a000   amd_sata amd_sata.sys Thu Nov 11 15:15:05 2010 (4CDC4EC9)
8835a000 883a2000   storport storport.sys Mon Feb 03 20:17:23 2014 (52F03FA3)
883a2000 883ad000   amd_xata amd_xata.sys Thu Nov 11 15:15:07 2010 (4CDC4ECB)
883ad000 883b6000   amdxata  amdxata.sys  Fri Mar 19 12:19:01 2010 (4BA3A3F5)
883b6000 883ea000   fltmgr   fltmgr.sys   Mon Jul 13 19:11:13 2009 (4A5BBF11)
883ea000 883fb000   fileinfo fileinfo.sys Mon Jul 13 19:21:51 2009 (4A5BC18F)
88400000 8840e000   pcw      pcw.sys      Mon Jul 13 19:11:10 2009 (4A5BBF0E)
8840e000 88417000   Fs_Rec   Fs_Rec.sys   unavailable (00000000)
88434000 88563000   Ntfs     Ntfs.sys     Thu Jan 23 20:01:10 2014 (52E1BB56)
88563000 8858e000   msrpc    msrpc.sys    unavailable (00000000)
8858e000 885a1000   ksecdd   ksecdd.sys   Fri Apr 11 20:58:25 2014 (53488FB1)
885a1000 885fe000   cng      cng.sys      Wed Aug 01 11:09:40 2012 (501946B4)
8861b000 886d2000   ndis     ndis.sys     Wed Aug 22 10:51:06 2012 (5034F1DA)
886d2000 88710000   NETIO    NETIO.SYS    Tue Nov 26 05:01:51 2013 (5294718F)
88710000 88736000   ksecpkg  ksecpkg.sys  Mon Oct 13 20:52:47 2014 (543C73DF)
88736000 88746000   mup      mup.sys      Mon Jul 13 19:14:14 2009 (4A5BBFC6)
88746000 8874e000   hwpolicy hwpolicy.sys Sat Nov 20 03:37:35 2010 (4CE788CF)
8874e000 88780000   fvevol   fvevol.sys   Wed Jan 23 21:41:37 2013 (51009F61)
88780000 88791000   disk     disk.sys     Mon Jul 13 19:11:28 2009 (4A5BBF20)
88791000 887b6000   CLASSPNP CLASSPNP.SYS Mon Jul 13 19:11:20 2009 (4A5BBF18)
887b6000 887be000   AtiPcie  AtiPcie.sys  Wed Mar 10 09:33:41 2010 (4B97ADC5)
887be000 887f9000   mrxsmb10 mrxsmb10.sys Fri Jul 08 22:29:57 2011 (4E17BD25)
88800000 8882d000   rdyboost rdyboost.sys Sat Nov 20 04:00:07 2010 (4CE78E17)
8882d000 88979000   tcpip    tcpip.sys    Fri Apr 04 21:10:29 2014 (533F5805)
88979000 889aa000   fwpkclnt fwpkclnt.sys Fri Apr 04 21:08:43 2014 (533F579B)
889aa000 889b3000   vmstorfl vmstorfl.sys unavailable (00000000)
889b3000 889f2000   volsnap  volsnap.sys  Sat Nov 20 03:38:13 2010 (4CE788F5)
889f2000 889fa000   spldr    spldr.sys    Mon May 11 12:13:47 2009 (4A084EBB)
889fa000 889fe280   speedfan speedfan.sys Sat Dec 29 15:59:33 2012 (50DF59B5)
889ff000 889ff680   giveio   giveio.sys   Wed Apr 03 22:33:25 1996 (316334F5)
8d400000 8d41a000   360AntiHacker 360AntiHacker.sys Wed Apr 09 04:47:29 2014 (53450921)
8d422000 8d462000   dtsoftbus01 dtsoftbus01.sys Fri Feb 21 04:49:46 2014 (5307213A)
8d462000 8d481000   cdrom    cdrom.sys    Sat Nov 20 03:38:09 2010 (4CE788F1)
8d481000 8d4b7000   360Box   360Box.sys   Fri May 09 03:18:07 2014 (536C812F)
8d4b7000 8d4be000   Null     Null.SYS     unavailable (00000000)
8d4be000 8d4c5000   Beep     Beep.SYS     Mon Jul 13 19:45:00 2009 (4A5BC6FC)
8d4c5000 8d4ed780   360SelfProtection 360SelfProtection.sys Mon Apr 21 09:13:16 2014 (5355196C)
8d4ee000 8d4fa000   vga      vga.sys      Mon Jul 13 19:25:50 2009 (4A5BC27E)
8d4fa000 8d51b000   VIDEOPRT VIDEOPRT.SYS Mon Jul 13 19:25:49 2009 (4A5BC27D)
8d51b000 8d528000   watchdog watchdog.sys Mon Jul 13 19:24:10 2009 (4A5BC21A)
8d528000 8d530000   RDPCDD   RDPCDD.sys   Sat Nov 20 05:22:19 2010 (4CE7A15B)
8d530000 8d538000   rdpencdd rdpencdd.sys Mon Jul 13 20:01:39 2009 (4A5BCAE3)
8d538000 8d540000   rdprefmp rdprefmp.sys Mon Jul 13 20:01:41 2009 (4A5BCAE5)
8d540000 8d54b000   Msfs     Msfs.SYS     unavailable (00000000)
8d54b000 8d559000   Npfs     Npfs.SYS     Mon Jul 13 19:11:31 2009 (4A5BBF23)
8d559000 8d570000   tdx      tdx.sys      Mon Nov 10 20:32:14 2014 (5461671E)
8d570000 8d57c000   TDI      TDI.SYS      Sat Nov 20 03:39:18 2010 (4CE78936)
8d57c000 8d5d6000   afd      afd.sys      Fri May 30 02:36:06 2014 (538826D6)
8d5d6000 8d5ee000   dfsc     dfsc.sys     Sat Nov 20 03:42:32 2010 (4CE789F8)
90400000 9040e000   blbdrive blbdrive.sys Mon Jul 13 19:23:04 2009 (4A5BC1D8)
90417000 90449000   netbt    netbt.sys    Sat Nov 20 03:39:22 2010 (4CE7893A)
90449000 90450000   wfplwf   wfplwf.sys   Mon Jul 13 19:53:51 2009 (4A5BC90F)
90450000 9046f000   pacer    pacer.sys    Mon Jul 13 19:53:58 2009 (4A5BC916)
9046f000 90480000   vwififlt vwififlt.sys Mon Jul 13 19:52:03 2009 (4A5BC8A3)
90480000 9048e000   netbios  netbios.sys  Mon Jul 13 19:53:54 2009 (4A5BC912)
9048e000 904a1000   wanarp   wanarp.sys   Sat Nov 20 05:07:45 2010 (4CE79DF1)
904a1000 904b2000   termdd   termdd.sys   Sat Nov 20 05:21:10 2010 (4CE7A116)
904b2000 904d4000   SASKUTIL SASKUTIL.SYS Tue Jul 12 16:24:48 2011 (4E1CAD90)
904d4000 904da000   SASDIFSV SASDIFSV.SYS Thu Jul 21 19:03:16 2011 (4E28B034)
904da000 9051b000   rdbss    rdbss.sys    Sat Nov 20 03:42:44 2010 (4CE78A04)
9051b000 90524100   qutmipc  qutmipc.sys  Tue May 13 22:44:46 2014 (5372D89E)
90525000 90561b00   qutmdrv  qutmdrv.sys  Thu Mar 27 04:15:28 2014 (5333DE20)
90562000 9056c000   nsiproxy nsiproxy.sys Mon Jul 13 19:12:08 2009 (4A5BBF48)
9056c000 90576000   mssmbios mssmbios.sys Mon Jul 13 19:19:25 2009 (4A5BC0FD)
90576000 90579a80   Efimon   Efimon.sys   Thu Apr 10 02:34:00 2014 (53463B58)
9057a000 90586000   discache discache.sys Mon Jul 13 19:24:04 2009 (4A5BC214)
90586000 905ea000   csc      csc.sys      Sat Nov 20 03:44:32 2010 (4CE78A70)
905ea000 905f5000   360Camera 360Camera.sys Fri Mar 07 05:28:39 2014 (53199F57)
90a18000 90a39000   tunnel   tunnel.sys   Sat Nov 20 05:06:40 2010 (4CE79DB0)
90a39000 90a4a000   amdppm   amdppm.sys   Mon Jul 13 19:11:03 2009 (4A5BBF07)
90a4a000 90a88000   atikmpag atikmpag.sys Fri Mar 04 10:16:27 2011 (4D71024B)
90a88000 90aea000   Rt86win7 Rt86win7.sys Fri Jun 10 02:31:55 2011 (4DF1BA5B)
90aea000 90b02000   rasl2tp  rasl2tp.sys  Mon Jul 13 19:54:33 2009 (4A5BC939)
90b02000 90b24000   ndiswan  ndiswan.sys  Sat Nov 20 05:07:48 2010 (4CE79DF4)
90b24000 90b3c000   raspppoe raspppoe.sys Mon Jul 13 19:54:53 2009 (4A5BC94D)
90b3c000 90b53000   raspptp  raspptp.sys  Mon Jul 13 19:54:47 2009 (4A5BC947)
90b53000 90b6a000   rassstp  rassstp.sys  Mon Jul 13 19:54:57 2009 (4A5BC951)
90b6a000 90b7a000   amdiox86 amdiox86.sys Thu Feb 18 10:17:49 2010 (4B7D5A1D)
90b7a000 90b88000   umbus    umbus.sys    Sat Nov 20 05:00:23 2010 (4CE79C37)
90b88000 90bcc000   usbhub   usbhub.sys   Tue Nov 26 20:14:23 2013 (5295476F)
90bcc000 90bdd000   NDProxy  NDProxy.SYS  Sat Nov 20 05:07:39 2010 (4CE79DEB)
90bdd000 90bf9000   AtihdW73 AtihdW73.sys Thu Mar 31 03:14:44 2011 (4D9429E4)
91200000 9121f000   HDAudBus HDAudBus.sys Sat Nov 20 04:59:28 2010 (4CE79C00)
9121f000 91231000   AgileVpn AgileVpn.sys Mon Jul 13 19:55:00 2009 (4A5BC954)
91231000 9123b000   rdpbus   rdpbus.sys   Mon Jul 13 20:02:40 2009 (4A5BCB20)
9123c000 91904000   atikmdag atikmdag.sys Fri Mar 04 10:40:19 2011 (4D7107E3)
91904000 919bc000   dxgkrnl  dxgkrnl.sys  Sun Jun 15 20:43:59 2014 (539E3DCF)
919bc000 919f5000   dxgmms1  dxgmms1.sys  Sun Jun 15 20:42:07 2014 (539E3D5F)
91a15000 91a44000   portcls  portcls.sys  Thu Oct 03 21:17:06 2013 (524E1712)
91a44000 91a5d000   drmk     drmk.sys     Thu Oct 03 21:47:02 2013 (524E1E16)
91a5d000 91adf000   btwaudio btwaudio.sys Mon Jul 19 17:42:57 2010 (4C44C6E1)
91b0a000 91b8f000   HTTP     HTTP.sys     Sat Nov 20 03:40:17 2010 (4CE78971)
91b8f000 91ba8000   bowser   bowser.sys   Tue Feb 22 23:47:32 2011 (4D649164)
91ba8000 91bcb000   mrxsmb   mrxsmb.sys   Tue Apr 26 22:17:20 2011 (4DB77CB0)
91bcb000 91be6000   mrxsmb20 mrxsmb20.sys Tue Apr 26 22:17:26 2011 (4DB77CB6)
92000000 9200b000   tap0901t tap0901t.sys Wed Sep 16 02:02:40 2009 (4AB07F80)
9200c000 922a7000   bcmwl6   bcmwl6.sys   Wed Sep 01 20:13:57 2010 (4C7EEC45)
922a7000 922b1000   vwifibus vwifibus.sys Mon Jul 13 19:52:02 2009 (4A5BC8A2)
922b1000 922bb000   usbohci  usbohci.sys  Tue Nov 26 20:13:38 2013 (52954742)
922bb000 92306000   USBPORT  USBPORT.SYS  Tue Nov 26 20:13:45 2013 (52954749)
92306000 92312000   usbfilter usbfilter.sys Mon Nov 29 04:50:11 2010 (4CF37753)
92312000 92321000   usbehci  usbehci.sys  Tue Nov 26 20:13:41 2013 (52954745)
92321000 92339000   i8042prt i8042prt.sys Mon Jul 13 19:11:23 2009 (4A5BBF1B)
92339000 92346000   kbdclass kbdclass.sys Mon Jul 13 19:11:15 2009 (4A5BBF13)
92346000 9238d700   SynTP    SynTP.sys    Thu Oct 13 22:33:23 2011 (4E979F73)
9238e000 9238f780   USBD     USBD.SYS     Tue Nov 26 20:13:33 2013 (5295473D)
92390000 9239d000   mouclass mouclass.sys Mon Jul 13 19:11:15 2009 (4A5BBF13)
9239d000 923a0700   CmBatt   CmBatt.sys   Mon Jul 13 19:19:18 2009 (4A5BC0F6)
923a1000 923aa000   wmiacpi  wmiacpi.sys  Mon Jul 13 19:19:16 2009 (4A5BC0F4)
923aa000 923b7000   CompositeBus CompositeBus.sys Sat Nov 20 04:50:21 2010 (4CE799DD)
923b7000 923bc200   clwvd    clwvd.sys    Tue Jul 27 21:13:36 2010 (4C4F8440)
923bd000 923f1000   ks       ks.sys       Sat Nov 20 04:50:17 2010 (4CE799D9)
923f1000 923fc000   ndistapi ndistapi.sys Mon Jul 13 19:54:24 2009 (4A5BC930)
923fc000 923fd380   swenum   swenum.sys   Mon Jul 13 19:45:08 2009 (4A5BC704)
92400000 92410000   ndisuio  ndisuio.sys  Sat Nov 20 05:06:36 2010 (4CE79DAC)
92410000 92423000   rspndr   rspndr.sys   Mon Jul 13 19:53:20 2009 (4A5BC8F0)
92423000 92435000   mpsdrv   mpsdrv.sys   Mon Jul 13 19:52:52 2009 (4A5BC8D4)
92437000 9273fa00   RTKVHDA  RTKVHDA.sys  Tue Sep 07 07:13:32 2010 (4C861E5C)
92740000 92757000   usbccgp  usbccgp.sys  Tue Nov 26 20:13:44 2013 (52954748)
92775000 9277b480   HIDPARSE HIDPARSE.SYS Tue Jul 02 23:36:22 2013 (51D39C36)
92788000 927a3000   luafv    luafv.sys    Mon Jul 13 19:15:44 2009 (4A5BC020)
927a3000 927b3000   lltdio   lltdio.sys   Mon Jul 13 19:53:18 2009 (4A5BC8EE)
927b3000 927f9000   nwifi    nwifi.sys    Mon Jul 13 19:51:59 2009 (4A5BC89F)
96e00000 9702b000   btwampfl btwampfl.sys Mon Jul 12 21:40:47 2010 (4C3BC41F)
9702b000 9703e000   HIDCLASS HIDCLASS.SYS Tue Jul 02 23:36:24 2013 (51D39C38)
9703e000 97049000   mouhid   mouhid.sys   Mon Jul 13 19:45:08 2009 (4A5BC704)
97049000 97054000   monitor  monitor.sys  Mon Jul 13 19:25:58 2009 (4A5BC286)
97054000 97078000   rfcomm   rfcomm.sys   Mon Jul 13 19:51:41 2009 (4A5BC88D)
97078000 97085000   BthEnum  BthEnum.sys  Mon Jul 13 19:51:35 2009 (4A5BC887)
97085000 970a0000   bthpan   bthpan.sys   Mon Jul 13 19:51:43 2009 (4A5BC88F)
970ae000 970d1d80   usbvideo usbvideo.sys Fri Jul 12 06:08:19 2013 (51DFD593)
970d2000 97147000   btwavdt  btwavdt.sys  Mon Jul 19 17:41:56 2010 (4C44C6A4)
97147000 97153000   btwl2cap btwl2cap.sys Mon Mar 01 21:25:09 2010 (4B8C7705)
97153000 97155f00   btwrchid btwrchid.sys Mon Jul 19 17:43:36 2010 (4C44C708)
97156000 97180000   fastfat  fastfat.SYS  Mon Jul 13 19:14:01 2009 (4A5BBFB9)
971ad000 971ba000   crashdmp crashdmp.sys Mon Jul 13 19:45:50 2009 (4A5BC72E)
971ba000 971c4000   dump_diskdump dump_diskdump.sys Mon Feb 03 20:16:53 2014 (52F03F85)
971c4000 971d7000   dump_amd_sata dump_amd_sata.sys Thu Nov 11 15:15:05 2010 (4CDC4EC9)
971d7000 971e8000   dump_dumpfve dump_dumpfve.sys Mon Jul 13 19:12:47 2009 (4A5BBF6F)
971e8000 971f2000   Dxapi    Dxapi.sys    Mon Jul 13 19:25:25 2009 (4A5BC265)
97a20000 97a6d000   ATMFD    ATMFD.DLL    unavailable (00000000)
97b60000 97db8000   win32k   win32k.sys   Thu Oct 09 20:45:37 2014 (54372C31)
97dd0000 97dd9000   TSDDD    TSDDD.dll    unavailable (00000000)
97de0000 97dfe000   cdd      cdd.dll      unavailable (00000000)
9c601000 9c698000   peauth   peauth.sys   Mon Jul 13 20:35:44 2009 (4A5BD2E0)
9c698000 9c6a2000   secdrv   secdrv.SYS   Wed Sep 13 09:18:32 2006 (45080528)
9c6a2000 9c6c3000   srvnet   srvnet.sys   Thu Apr 28 22:46:08 2011 (4DBA2670)
9c6c3000 9c6d0000   tcpipreg tcpipreg.sys Wed Oct 03 11:21:37 2012 (506C5801)
9c6d0000 9c720000   srv2     srv2.sys     Thu Apr 28 22:46:13 2011 (4DBA2675)
9c720000 9c772000   srv      srv.sys      Thu Apr 28 22:46:30 2011 (4DBA2686)
9c772000 9c784000   BTHUSB   BTHUSB.sys   Wed Apr 27 23:15:02 2011 (4DB8DBB6)
9c784000 9c7e8000   bthport  bthport.sys  Fri Jul 06 15:23:22 2012 (4FF73B2A)
9c7e8000 9c7f3000   hidusb   hidusb.sys   Sat Nov 20 04:59:38 2010 (4CE79C0A)
9c7f3000 9c7ff000   kbdhid   kbdhid.sys   Sat Nov 20 04:50:10 2010 (4CE799D2)
9f203000 9f24c000   BEDaisy  BEDaisy.sys  Thu Jan 08 12:47:39 2015 (54AEC2BB)

Unloaded modules:
9f211000 9f25a000   BEDaisy.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  00049000
9f219000 9f262000   BEDaisy.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  00049000
9f211000 9f25a000   BEDaisy.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  00049000
9f236000 9f27f000   BEDaisy.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  00049000
9f21e000 9f267000   BEDaisy.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  00049000
b6a1c000 b6a65000   BEDaisy.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  00049000
a4832000 a487b000   BEDaisy.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  00049000
a487b000 a48e5000   spsys.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  0006A000
a423f000 a4282000   BEDaisy.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  00043000
97101000 9710e000   BthEnum.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  0000D000
9704a000 970ae000   bthport.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  00064000
97038000 9704a000   BTHUSB.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  00012000
96e0d000 97038000   btwampfl.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  0022B000
970dd000 97101000   rfcomm.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  00024000
9710e000 97129000   bthpan.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  0001B000
91a5d000 91adf000   btwaudio.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  00082000
97129000 9719e000   btwavdt.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  00075000
9719e000 971aa000   btwl2cap.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  0000C000
92762000 92775000   HIDCLASS.SYS
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  00013000
971aa000 971ad000   btwrchid.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  00003000
92757000 92762000   hidusb.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  0000B000
9277c000 92788000   kbdhid.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  0000C000
970d2000 970dd000   mouhid.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  0000B000
91be6000 91bfe000   parport.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  00018000
971f2000 971fd000   monitor.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  0000B000
91adf000 91b0a000   BAPIDRV.SYS
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  0002B000
887be000 887cb000   crashdmp.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  0000D000
887cb000 887d5000   dump_storpor
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  0000A000
887d5000 887e8000   dump_amd_sat
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  00013000
887e8000 887f9000   dump_dumpfve
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  00011000
start    end        module name
8d400000 8d41a000   360AntiHacker 360AntiHacker.sys Wed Apr 09 04:47:29 2014 (53450921)
8d481000 8d4b7000   360Box   360Box.sys   Fri May 09 03:18:07 2014 (536C812F)
905ea000 905f5000   360Camera 360Camera.sys Fri Mar 07 05:28:39 2014 (53199F57)
8d4c5000 8d4ed780   360SelfProtection 360SelfProtection.sys Mon Apr 21 09:13:16 2014 (5355196C)
833ac000 833f4000   ACPI     ACPI.sys     Sat Nov 20 03:37:52 2010 (4CE788E0)
8d57c000 8d5d6000   afd      afd.sys      Fri May 30 02:36:06 2014 (538826D6)
9121f000 91231000   AgileVpn AgileVpn.sys Mon Jul 13 19:55:00 2009 (4A5BC954)
88347000 8835a000   amd_sata amd_sata.sys Thu Nov 11 15:15:05 2010 (4CDC4EC9)
883a2000 883ad000   amd_xata amd_xata.sys Thu Nov 11 15:15:07 2010 (4CDC4ECB)
90b6a000 90b7a000   amdiox86 amdiox86.sys Thu Feb 18 10:17:49 2010 (4B7D5A1D)
90a39000 90a4a000   amdppm   amdppm.sys   Mon Jul 13 19:11:03 2009 (4A5BBF07)
883ad000 883b6000   amdxata  amdxata.sys  Fri Mar 19 12:19:01 2010 (4BA3A3F5)
88303000 8830c000   atapi    atapi.sys    Mon Jul 13 19:11:15 2009 (4A5BBF13)
8830c000 8832f000   ataport  ataport.SYS  Sun Aug 04 20:46:59 2013 (51FEF603)
90bdd000 90bf9000   AtihdW73 AtihdW73.sys Thu Mar 31 03:14:44 2011 (4D9429E4)
9123c000 91904000   atikmdag atikmdag.sys Fri Mar 04 10:40:19 2011 (4D7107E3)
90a4a000 90a88000   atikmpag atikmpag.sys Fri Mar 04 10:16:27 2011 (4D71024B)
887b6000 887be000   AtiPcie  AtiPcie.sys  Wed Mar 10 09:33:41 2010 (4B97ADC5)
97a20000 97a6d000   ATMFD    ATMFD.DLL    unavailable (00000000)
88200000 8822b000   BAPIDRV  BAPIDRV.sys  Mon Apr 14 02:34:43 2014 (534B8183)
88287000 88292000   BATTC    BATTC.SYS    Mon Jul 13 19:19:15 2009 (4A5BC0F3)
9200c000 922a7000   bcmwl6   bcmwl6.sys   Wed Sep 01 20:13:57 2010 (4C7EEC45)
9f203000 9f24c000   BEDaisy  BEDaisy.sys  Thu Jan 08 12:47:39 2015 (54AEC2BB)
8d4be000 8d4c5000   Beep     Beep.SYS     Mon Jul 13 19:45:00 2009 (4A5BC6FC)
90400000 9040e000   blbdrive blbdrive.sys Mon Jul 13 19:23:04 2009 (4A5BC1D8)
83228000 83230000   BOOTVID  BOOTVID.dll  Mon Jul 13 21:04:34 2009 (4A5BD9A2)
91b8f000 91ba8000   bowser   bowser.sys   Tue Feb 22 23:47:32 2011 (4D649164)
97078000 97085000   BthEnum  BthEnum.sys  Mon Jul 13 19:51:35 2009 (4A5BC887)
97085000 970a0000   bthpan   bthpan.sys   Mon Jul 13 19:51:43 2009 (4A5BC88F)
9c784000 9c7e8000   bthport  bthport.sys  Fri Jul 06 15:23:22 2012 (4FF73B2A)
9c772000 9c784000   BTHUSB   BTHUSB.sys   Wed Apr 27 23:15:02 2011 (4DB8DBB6)
96e00000 9702b000   btwampfl btwampfl.sys Mon Jul 12 21:40:47 2010 (4C3BC41F)
91a5d000 91adf000   btwaudio btwaudio.sys Mon Jul 19 17:42:57 2010 (4C44C6E1)
970d2000 97147000   btwavdt  btwavdt.sys  Mon Jul 19 17:41:56 2010 (4C44C6A4)
97147000 97153000   btwl2cap btwl2cap.sys Mon Mar 01 21:25:09 2010 (4B8C7705)
97153000 97155f00   btwrchid btwrchid.sys Mon Jul 19 17:43:36 2010 (4C44C708)
97de0000 97dfe000   cdd      cdd.dll      unavailable (00000000)
8d462000 8d481000   cdrom    cdrom.sys    Sat Nov 20 03:38:09 2010 (4CE788F1)
83272000 8331d000   CI       CI.dll       Sat Nov 20 07:05:17 2010 (4CE7B97D)
88791000 887b6000   CLASSPNP CLASSPNP.SYS Mon Jul 13 19:11:20 2009 (4A5BBF18)
83230000 83272000   CLFS     CLFS.SYS     Mon Jul 13 19:11:10 2009 (4A5BBF0E)
923b7000 923bc200   clwvd    clwvd.sys    Tue Jul 27 21:13:36 2010 (4C4F8440)
9239d000 923a0700   CmBatt   CmBatt.sys   Mon Jul 13 19:19:18 2009 (4A5BC0F6)
885a1000 885fe000   cng      cng.sys      Wed Aug 01 11:09:40 2012 (501946B4)
8827f000 88287000   compbatt compbatt.sys Mon Jul 13 19:19:18 2009 (4A5BC0F6)
923aa000 923b7000   CompositeBus CompositeBus.sys Sat Nov 20 04:50:21 2010 (4CE799DD)
971ad000 971ba000   crashdmp crashdmp.sys Mon Jul 13 19:45:50 2009 (4A5BC72E)
90586000 905ea000   csc      csc.sys      Sat Nov 20 03:44:32 2010 (4CE78A70)
8d5d6000 8d5ee000   dfsc     dfsc.sys     Sat Nov 20 03:42:32 2010 (4CE789F8)
9057a000 90586000   discache discache.sys Mon Jul 13 19:24:04 2009 (4A5BC214)
88780000 88791000   disk     disk.sys     Mon Jul 13 19:11:28 2009 (4A5BBF20)
91a44000 91a5d000   drmk     drmk.sys     Thu Oct 03 21:47:02 2013 (524E1E16)
8d422000 8d462000   dtsoftbus01 dtsoftbus01.sys Fri Feb 21 04:49:46 2014 (5307213A)
971c4000 971d7000   dump_amd_sata dump_amd_sata.sys Thu Nov 11 15:15:05 2010 (4CDC4EC9)
971ba000 971c4000   dump_diskdump dump_diskdump.sys Mon Feb 03 20:16:53 2014 (52F03F85)
971d7000 971e8000   dump_dumpfve dump_dumpfve.sys Mon Jul 13 19:12:47 2009 (4A5BBF6F)
971e8000 971f2000   Dxapi    Dxapi.sys    Mon Jul 13 19:25:25 2009 (4A5BC265)
91904000 919bc000   dxgkrnl  dxgkrnl.sys  Sun Jun 15 20:43:59 2014 (539E3DCF)
919bc000 919f5000   dxgmms1  dxgmms1.sys  Sun Jun 15 20:42:07 2014 (539E3D5F)
90576000 90579a80   Efimon   Efimon.sys   Thu Apr 10 02:34:00 2014 (53463B58)
97156000 97180000   fastfat  fastfat.SYS  Mon Jul 13 19:14:01 2009 (4A5BBFB9)
883ea000 883fb000   fileinfo fileinfo.sys Mon Jul 13 19:21:51 2009 (4A5BC18F)
883b6000 883ea000   fltmgr   fltmgr.sys   Mon Jul 13 19:11:13 2009 (4A5BBF11)
8840e000 88417000   Fs_Rec   Fs_Rec.sys   unavailable (00000000)
8874e000 88780000   fvevol   fvevol.sys   Wed Jan 23 21:41:37 2013 (51009F61)
88979000 889aa000   fwpkclnt fwpkclnt.sys Fri Apr 04 21:08:43 2014 (533F579B)
889ff000 889ff680   giveio   giveio.sys   Wed Apr 03 22:33:25 1996 (316334F5)
8302d000 83064000   hal      halmacpi.dll Sat Nov 20 03:37:38 2010 (4CE788D2)
91200000 9121f000   HDAudBus HDAudBus.sys Sat Nov 20 04:59:28 2010 (4CE79C00)
9702b000 9703e000   HIDCLASS HIDCLASS.SYS Tue Jul 02 23:36:24 2013 (51D39C38)
92775000 9277b480   HIDPARSE HIDPARSE.SYS Tue Jul 02 23:36:22 2013 (51D39C36)
9c7e8000 9c7f3000   hidusb   hidusb.sys   Sat Nov 20 04:59:38 2010 (4CE79C0A)
88262000 8826d400   Hookport Hookport.sys Mon Apr 21 09:20:41 2014 (53551B29)
91b0a000 91b8f000   HTTP     HTTP.sys     Sat Nov 20 03:40:17 2010 (4CE78971)
88746000 8874e000   hwpolicy hwpolicy.sys Sat Nov 20 03:37:35 2010 (4CE788CF)
92321000 92339000   i8042prt i8042prt.sys Mon Jul 13 19:11:23 2009 (4A5BBF1B)
92339000 92346000   kbdclass kbdclass.sys Mon Jul 13 19:11:15 2009 (4A5BBF13)
9c7f3000 9c7ff000   kbdhid   kbdhid.sys   Sat Nov 20 04:50:10 2010 (4CE799D2)
80bbc000 80bc4000   kdcom    kdcom.dll    Mon Jul 13 21:08:58 2009 (4A5BDAAA)
923bd000 923f1000   ks       ks.sys       Sat Nov 20 04:50:17 2010 (4CE799D9)
8858e000 885a1000   ksecdd   ksecdd.sys   Fri Apr 11 20:58:25 2014 (53488FB1)
88710000 88736000   ksecpkg  ksecpkg.sys  Mon Oct 13 20:52:47 2014 (543C73DF)
927a3000 927b3000   lltdio   lltdio.sys   Mon Jul 13 19:53:18 2009 (4A5BC8EE)
92788000 927a3000   luafv    luafv.sys    Mon Jul 13 19:15:44 2009 (4A5BC020)
8320c000 83217000   mcupdate_AuthenticAMD mcupdate_AuthenticAMD.dll Mon Jul 13 19:13:13 2009 (4A5BBF89)
97049000 97054000   monitor  monitor.sys  Mon Jul 13 19:25:58 2009 (4A5BC286)
92390000 9239d000   mouclass mouclass.sys Mon Jul 13 19:11:15 2009 (4A5BBF13)
9703e000 97049000   mouhid   mouhid.sys   Mon Jul 13 19:45:08 2009 (4A5BC704)
882ed000 88303000   mountmgr mountmgr.sys Sat Nov 20 03:38:09 2010 (4CE788F1)
92423000 92435000   mpsdrv   mpsdrv.sys   Mon Jul 13 19:52:52 2009 (4A5BC8D4)
91ba8000 91bcb000   mrxsmb   mrxsmb.sys   Tue Apr 26 22:17:20 2011 (4DB77CB0)
887be000 887f9000   mrxsmb10 mrxsmb10.sys Fri Jul 08 22:29:57 2011 (4E17BD25)
91bcb000 91be6000   mrxsmb20 mrxsmb20.sys Tue Apr 26 22:17:26 2011 (4DB77CB6)
8832f000 88339000   msahci   msahci.sys   Sat Nov 20 04:50:48 2010 (4CE799F8)
8d540000 8d54b000   Msfs     Msfs.SYS     unavailable (00000000)
83200000 83208000   msisadrv msisadrv.sys Mon Jul 13 19:11:09 2009 (4A5BBF0D)
88563000 8858e000   msrpc    msrpc.sys    unavailable (00000000)
9056c000 90576000   mssmbios mssmbios.sys Mon Jul 13 19:19:25 2009 (4A5BC0FD)
88736000 88746000   mup      mup.sys      Mon Jul 13 19:14:14 2009 (4A5BBFC6)
8861b000 886d2000   ndis     ndis.sys     Wed Aug 22 10:51:06 2012 (5034F1DA)
923f1000 923fc000   ndistapi ndistapi.sys Mon Jul 13 19:54:24 2009 (4A5BC930)
92400000 92410000   ndisuio  ndisuio.sys  Sat Nov 20 05:06:36 2010 (4CE79DAC)
90b02000 90b24000   ndiswan  ndiswan.sys  Sat Nov 20 05:07:48 2010 (4CE79DF4)
90bcc000 90bdd000   NDProxy  NDProxy.SYS  Sat Nov 20 05:07:39 2010 (4CE79DEB)
90480000 9048e000   netbios  netbios.sys  Mon Jul 13 19:53:54 2009 (4A5BC912)
90417000 90449000   netbt    netbt.sys    Sat Nov 20 03:39:22 2010 (4CE7893A)
886d2000 88710000   NETIO    NETIO.SYS    Tue Nov 26 05:01:51 2013 (5294718F)
8d54b000 8d559000   Npfs     Npfs.SYS     Mon Jul 13 19:11:31 2009 (4A5BBF23)
90562000 9056c000   nsiproxy nsiproxy.sys Mon Jul 13 19:12:08 2009 (4A5BBF48)
82c1a000 8302d000   nt       ntkrpamp.exe Tue Mar 04 03:19:27 2014 (53158C8F)
88434000 88563000   Ntfs     Ntfs.sys     Thu Jan 23 20:01:10 2014 (52E1BB56)
8d4b7000 8d4be000   Null     Null.SYS     unavailable (00000000)
927b3000 927f9000   nwifi    nwifi.sys    Mon Jul 13 19:51:59 2009 (4A5BC89F)
90450000 9046f000   pacer    pacer.sys    Mon Jul 13 19:53:58 2009 (4A5BC916)
8826e000 8827f000   partmgr  partmgr.sys  Sat Mar 17 01:03:08 2012 (4F641B0C)
8822d000 88257000   pci      pci.sys      Sat Nov 20 03:37:57 2010 (4CE788E5)
88339000 88347000   PCIIDEX  PCIIDEX.SYS  Mon Jul 13 19:11:15 2009 (4A5BBF13)
88400000 8840e000   pcw      pcw.sys      Mon Jul 13 19:11:10 2009 (4A5BBF0E)
9c601000 9c698000   peauth   peauth.sys   Mon Jul 13 20:35:44 2009 (4A5BD2E0)
91a15000 91a44000   portcls  portcls.sys  Thu Oct 03 21:17:06 2013 (524E1712)
83217000 83228000   PSHED    PSHED.dll    Mon Jul 13 21:09:36 2009 (4A5BDAD0)
90525000 90561b00   qutmdrv  qutmdrv.sys  Thu Mar 27 04:15:28 2014 (5333DE20)
9051b000 90524100   qutmipc  qutmipc.sys  Tue May 13 22:44:46 2014 (5372D89E)
90aea000 90b02000   rasl2tp  rasl2tp.sys  Mon Jul 13 19:54:33 2009 (4A5BC939)
90b24000 90b3c000   raspppoe raspppoe.sys Mon Jul 13 19:54:53 2009 (4A5BC94D)
90b3c000 90b53000   raspptp  raspptp.sys  Mon Jul 13 19:54:47 2009 (4A5BC947)
90b53000 90b6a000   rassstp  rassstp.sys  Mon Jul 13 19:54:57 2009 (4A5BC951)
904da000 9051b000   rdbss    rdbss.sys    Sat Nov 20 03:42:44 2010 (4CE78A04)
91231000 9123b000   rdpbus   rdpbus.sys   Mon Jul 13 20:02:40 2009 (4A5BCB20)
8d528000 8d530000   RDPCDD   RDPCDD.sys   Sat Nov 20 05:22:19 2010 (4CE7A15B)
8d530000 8d538000   rdpencdd rdpencdd.sys Mon Jul 13 20:01:39 2009 (4A5BCAE3)
8d538000 8d540000   rdprefmp rdprefmp.sys Mon Jul 13 20:01:41 2009 (4A5BCAE5)
88800000 8882d000   rdyboost rdyboost.sys Sat Nov 20 04:00:07 2010 (4CE78E17)
97054000 97078000   rfcomm   rfcomm.sys   Mon Jul 13 19:51:41 2009 (4A5BC88D)
92410000 92423000   rspndr   rspndr.sys   Mon Jul 13 19:53:20 2009 (4A5BC8F0)
90a88000 90aea000   Rt86win7 Rt86win7.sys Fri Jun 10 02:31:55 2011 (4DF1BA5B)
92437000 9273fa00   RTKVHDA  RTKVHDA.sys  Tue Sep 07 07:13:32 2010 (4C861E5C)
904d4000 904da000   SASDIFSV SASDIFSV.SYS Thu Jul 21 19:03:16 2011 (4E28B034)
904b2000 904d4000   SASKUTIL SASKUTIL.SYS Tue Jul 12 16:24:48 2011 (4E1CAD90)
9c698000 9c6a2000   secdrv   secdrv.SYS   Wed Sep 13 09:18:32 2006 (45080528)
889fa000 889fe280   speedfan speedfan.sys Sat Dec 29 15:59:33 2012 (50DF59B5)
889f2000 889fa000   spldr    spldr.sys    Mon May 11 12:13:47 2009 (4A084EBB)
9c720000 9c772000   srv      srv.sys      Thu Apr 28 22:46:30 2011 (4DBA2686)
9c6d0000 9c720000   srv2     srv2.sys     Thu Apr 28 22:46:13 2011 (4DBA2675)
9c6a2000 9c6c3000   srvnet   srvnet.sys   Thu Apr 28 22:46:08 2011 (4DBA2670)
8835a000 883a2000   storport storport.sys Mon Feb 03 20:17:23 2014 (52F03FA3)
923fc000 923fd380   swenum   swenum.sys   Mon Jul 13 19:45:08 2009 (4A5BC704)
92346000 9238d700   SynTP    SynTP.sys    Thu Oct 13 22:33:23 2011 (4E979F73)
92000000 9200b000   tap0901t tap0901t.sys Wed Sep 16 02:02:40 2009 (4AB07F80)
8882d000 88979000   tcpip    tcpip.sys    Fri Apr 04 21:10:29 2014 (533F5805)
9c6c3000 9c6d0000   tcpipreg tcpipreg.sys Wed Oct 03 11:21:37 2012 (506C5801)
8d570000 8d57c000   TDI      TDI.SYS      Sat Nov 20 03:39:18 2010 (4CE78936)
8d559000 8d570000   tdx      tdx.sys      Mon Nov 10 20:32:14 2014 (5461671E)
904a1000 904b2000   termdd   termdd.sys   Sat Nov 20 05:21:10 2010 (4CE7A116)
97dd0000 97dd9000   TSDDD    TSDDD.dll    unavailable (00000000)
90a18000 90a39000   tunnel   tunnel.sys   Sat Nov 20 05:06:40 2010 (4CE79DB0)
90b7a000 90b88000   umbus    umbus.sys    Sat Nov 20 05:00:23 2010 (4CE79C37)
92740000 92757000   usbccgp  usbccgp.sys  Tue Nov 26 20:13:44 2013 (52954748)
9238e000 9238f780   USBD     USBD.SYS     Tue Nov 26 20:13:33 2013 (5295473D)
92312000 92321000   usbehci  usbehci.sys  Tue Nov 26 20:13:41 2013 (52954745)
92306000 92312000   usbfilter usbfilter.sys Mon Nov 29 04:50:11 2010 (4CF37753)
90b88000 90bcc000   usbhub   usbhub.sys   Tue Nov 26 20:14:23 2013 (5295476F)
922b1000 922bb000   usbohci  usbohci.sys  Tue Nov 26 20:13:38 2013 (52954742)
922bb000 92306000   USBPORT  USBPORT.SYS  Tue Nov 26 20:13:45 2013 (52954749)
970ae000 970d1d80   usbvideo usbvideo.sys Fri Jul 12 06:08:19 2013 (51DFD593)
88257000 88262000   vdrvroot vdrvroot.sys Mon Jul 13 19:46:19 2009 (4A5BC74B)
8d4ee000 8d4fa000   vga      vga.sys      Mon Jul 13 19:25:50 2009 (4A5BC27E)
8d4fa000 8d51b000   VIDEOPRT VIDEOPRT.SYS Mon Jul 13 19:25:49 2009 (4A5BC27D)
889aa000 889b3000   vmstorfl vmstorfl.sys unavailable (00000000)
88292000 882a2000   volmgr   volmgr.sys   Sat Nov 20 03:38:06 2010 (4CE788EE)
882a2000 882ed000   volmgrx  volmgrx.sys  unavailable (00000000)
889b3000 889f2000   volsnap  volsnap.sys  Sat Nov 20 03:38:13 2010 (4CE788F5)
922a7000 922b1000   vwifibus vwifibus.sys Mon Jul 13 19:52:02 2009 (4A5BC8A2)
9046f000 90480000   vwififlt vwififlt.sys Mon Jul 13 19:52:03 2009 (4A5BC8A3)
9048e000 904a1000   wanarp   wanarp.sys   Sat Nov 20 05:07:45 2010 (4CE79DF1)
8d51b000 8d528000   watchdog watchdog.sys Mon Jul 13 19:24:10 2009 (4A5BC21A)
8331d000 8339e000   Wdf01000 Wdf01000.sys Fri Jun 21 22:29:37 2013 (51C50C11)
8339e000 833ac000   WDFLDR   WDFLDR.SYS   Wed Jul 25 22:36:38 2012 (5010AD36)
90449000 90450000   wfplwf   wfplwf.sys   Mon Jul 13 19:53:51 2009 (4A5BC90F)
97b60000 97db8000   win32k   win32k.sys   Thu Oct 09 20:45:37 2014 (54372C31)
923a1000 923aa000   wmiacpi  wmiacpi.sys  Mon Jul 13 19:19:16 2009 (4A5BC0F4)
833f4000 833fd000   WMILIB   WMILIB.SYS   Mon Jul 13 19:11:22 2009 (4A5BBF1A)

Unloaded modules:
9f211000 9f25a000   BEDaisy.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  00049000
9f219000 9f262000   BEDaisy.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  00049000
9f211000 9f25a000   BEDaisy.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  00049000
9f236000 9f27f000   BEDaisy.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  00049000
9f21e000 9f267000   BEDaisy.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  00049000
b6a1c000 b6a65000   BEDaisy.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  00049000
a4832000 a487b000   BEDaisy.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  00049000
a487b000 a48e5000   spsys.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  0006A000
a423f000 a4282000   BEDaisy.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  00043000
97101000 9710e000   BthEnum.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  0000D000
9704a000 970ae000   bthport.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  00064000
97038000 9704a000   BTHUSB.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  00012000
96e0d000 97038000   btwampfl.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  0022B000
970dd000 97101000   rfcomm.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  00024000
9710e000 97129000   bthpan.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  0001B000
91a5d000 91adf000   btwaudio.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  00082000
97129000 9719e000   btwavdt.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  00075000
9719e000 971aa000   btwl2cap.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  0000C000
92762000 92775000   HIDCLASS.SYS
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  00013000
971aa000 971ad000   btwrchid.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  00003000
92757000 92762000   hidusb.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  0000B000
9277c000 92788000   kbdhid.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  0000C000
970d2000 970dd000   mouhid.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  0000B000
91be6000 91bfe000   parport.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  00018000
971f2000 971fd000   monitor.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  0000B000
91adf000 91b0a000   BAPIDRV.SYS
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  0002B000
887be000 887cb000   crashdmp.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  0000D000
887cb000 887d5000   dump_storpor
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  0000A000
887d5000 887e8000   dump_amd_sat
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  00013000
887e8000 887f9000   dump_dumpfve
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  00011000
Bugcheck code 00000050
Arguments a4f86ffe 00000000 82c455c5 00000000

jcgriff2 · Jan 9, 2015

For info - ntkrnlpa.exe is the Windows NT Kernel and is never the cause. It appears merely as a default.

Branchez · Jan 9, 2015

Ahh I see, that's too bad, I was hoping I could fix it. Ohh well. I am wondering how can that driver be a problem when I haven't been able to play that games 3,4 days already? Maybe if driver just updated yesterday or something?

Also when I try to use verifier I can't find that driver in the list. I triple-checked.

Thx for the help any way man.

jcgriff2 · Jan 10, 2015

I'm not sure why the driver is a problem, but Windbg tells me it is the definite probable cause.

If the driver is not in the Verifier listing, it likely is not loaded (loaded into RAM). I'm not 100% sure on this.

It is a shame that the company is having issues with a one day old driver.

The answer here lies with the company that wrote the driver, not anywhere else within Windows.

Patrick · Jan 10, 2015

I'm not sure why the driver is a problem

Code:

1: kd> kv
ChildEBP RetAddr  Args to Child              
8edf2594 82c5aaa8 00000000 a4f86ffe 00000000 nt!MmAccessFault+0x104
8edf2594 82c455c5 00000000 a4f86ffe 00000000 nt!KiTrap0E+0xdc (FPO: [0,0] TrapFrame @ 8edf25ac)
8edf2624 9f2194ed a4f86ffe 8edf2874 00000007 nt!_wcsnicmp+0x13 (FPO: [Non-Fpo])
8edf28a4 883b8aeb 85e75e88 8edf28c4 8edf28f0 BEDaisy+0x164ed
8edf2910 883bbc77 8edf2928 8edf29cc 8edf2988 fltmgr!FltpPerformPreCallbacks+0x34d (FPO: [Non-Fpo])
8edf2940 82cac273 8edf2988 8edf29d4 855e2218 fltmgr!FltpPreFsFilterOperation+0xab (FPO: [Non-Fpo])
8edf2964 82e4c201 00000001 00000001 8edf2abb nt!FsFilterPerformCallbacks+0xa4
8edf2ac0 82e3eb7c 84f03420 00000010 00000000 nt!FsRtlAcquireFileExclusiveCommon+0x10a
8edf2be0 82e3e2bb 8edf2c34 0000000f 00000000 nt!MmCreateSection+0x384
8edf2d10 82c578c6 0191f99c 0000000f 00000000 nt!NtCreateSection+0x16e
8edf2d10 0655a000 0191f99c 0000000f 00000000 nt!KiSystemServicePostCall (FPO: [0,3] TrapFrame-EDITED @ 8edf2d10)
00002000 00000000 00000000 00000000 00000000 0x655a000

The BEDaisy.sys driver is a really controversial driver. It's a literal kernel-mode driver from/for Arma2 (a video game) that has obfuscation to prevent reversing, contacts various C&C servers to upload data, hooks applications, etc. It's basically a 'legal' rootkit. We can see that Arma2 was in fact the game running at the time of crash:

Code:

PROCESS_NAME:  ArmA2OA.exe

We unfortunately cannot see any of BEDaisy's work in action as it's merely a minidump.

Code:

1: kd> .trap 8edf25ac
ErrCode = 00000000
eax=00000000 ebx=82c455b2 ecx=00000200 edx=a4f86ffe esi=8edf2874 edi=fffffff6
eip=82c455c5 esp=8edf2620 ebp=8edf2624 iopl=0         nv up ei pl nz na po nc
cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00010202
nt!_wcsnicmp+0x13:
82c455c5 0fb702          movzx   eax,word ptr [edx]       ds:0023:a4f86ffe=????

It called the _wcsnicmp function to most likely lexicographically compare strings, but I could be wrong. What exactly went wrong however regarding the driver was we were copying the contents of the edx register to the eax register, and then zero extending the value. This is a minidump so we cannot dump the contents of the edx register, but we can see eax is null:

Code:

 eax=00000000

This is likely the reason for the crash, although edx's contents may have also possibly been invalid. I'd need a kernel dump to check.

In any case, I don't think this is actually a bug in the kernel-mode driver itself (although it's possible), but perhaps your antivirus is under the impression it's an actual rootkit (because it behaves like one), and is conflicting with it. You can try and whitelist it with 360 antivirus, or uninstall 360 antivirus entirely (my recommendation, because I wouldn't recommend that antivirus) and see if the crashes stop.

Also, unrelated, you have a driver loaded from 1996 that is known to cause problems:

Code:

1: kd> lmvm giveio
start    end        module name
889ff000 889ff680   giveio     (deferred)             
    Image path: \SystemRoot\system32\giveio.sys
    Image name: giveio.sys
    Timestamp:        Wed Apr 03 22:33:25 1996

Known software to associate itself with this driver - ADC Analyzer/SwiftForth/Disspy/SpeedFan. Uninstall whichever you have.

Branchez · Jan 10, 2015

jcgriff2 said:
I'm not sure why the driver is a problem, but Windbg tells me it is the definite probable cause.

If the driver is not in the Verifier listing, it likely is not loaded (loaded into RAM). I'm not 100% sure on this.

It is a shame that the company is having issues with a one day old driver.

The answer here lies with the company that wrote the driver, not anywhere else within Windows.

It is not one day old. It can't be as it hasn't been working for me for days. Except if another driver was the problem before this one.

Strange thing is that the same thing happened to my brother on his PC.

Patrick said:
I'm not sure why the driver is a problem

Click to expand...

Code:

1: kd> kv ChildEBP RetAddr Args to Child 8edf2594 82c5aaa8 00000000 a4f86ffe 00000000 nt!MmAccessFault+0x104 8edf2594 82c455c5 00000000 a4f86ffe 00000000 nt!KiTrap0E+0xdc (FPO: [0,0] TrapFrame @ 8edf25ac) 8edf2624 9f2194ed a4f86ffe 8edf2874 00000007 nt!_wcsnicmp+0x13 (FPO: [Non-Fpo]) 8edf28a4 883b8aeb 85e75e88 8edf28c4 8edf28f0 BEDaisy+0x164ed 8edf2910 883bbc77 8edf2928 8edf29cc 8edf2988 fltmgr!FltpPerformPreCallbacks+0x34d (FPO: [Non-Fpo]) 8edf2940 82cac273 8edf2988 8edf29d4 855e2218 fltmgr!FltpPreFsFilterOperation+0xab (FPO: [Non-Fpo]) 8edf2964 82e4c201 00000001 00000001 8edf2abb nt!FsFilterPerformCallbacks+0xa4 8edf2ac0 82e3eb7c 84f03420 00000010 00000000 nt!FsRtlAcquireFileExclusiveCommon+0x10a 8edf2be0 82e3e2bb 8edf2c34 0000000f 00000000 nt!MmCreateSection+0x384 8edf2d10 82c578c6 0191f99c 0000000f 00000000 nt!NtCreateSection+0x16e 8edf2d10 0655a000 0191f99c 0000000f 00000000 nt!KiSystemServicePostCall (FPO: [0,3] TrapFrame-EDITED @ 8edf2d10) 00002000 00000000 00000000 00000000 00000000 0x655a000

The BEDaisy.sys driver is a really controversial driver. It's a literal kernel-mode driver from/for Arma2 (a video game) that has obfuscation to prevent reversing, contacts various C&C servers to upload data, hooks applications, etc. It's basically a 'legal' rootkit. We can see that Arma2 was in fact the game running at the time of crash:

Code:

PROCESS_NAME: ArmA2OA.exe

We unfortunately cannot see any of BEDaisy's work in action as it's merely a minidump.

Code:

1: kd> .trap 8edf25ac ErrCode = 00000000 eax=00000000 ebx=82c455b2 ecx=00000200 edx=a4f86ffe esi=8edf2874 edi=fffffff6 eip=82c455c5 esp=8edf2620 ebp=8edf2624 iopl=0 nv up ei pl nz na po nc cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010202 nt!_wcsnicmp+0x13: 82c455c5 0fb702 movzx eax,word ptr [edx] ds:0023:a4f86ffe=????

It called the _wcsnicmp function to most likely lexicographically compare strings, but I could be wrong. What exactly went wrong however regarding the driver was we were copying the contents of the edx register to the eax register, and then zero extending the value. This is a minidump so we cannot dump the contents of the edx register, but we can see eax is null:

Code:

eax=00000000

This is likely the reason for the crash, although edx's contents may have also possibly been invalid. I'd need a kernel dump to check.

In any case, I don't think this is actually a bug in the kernel-mode driver itself (although it's possible), but perhaps your antivirus is under the impression it's an actual rootkit (because it behaves like one), and is conflicting with it. You can try and whitelist it with 360 antivirus, or uninstall 360 antivirus entirely (my recommendation, because I wouldn't recommend that antivirus) and see if the crashes stop.

Also, unrelated, you have a driver loaded from 1996 that is known to cause problems:

Code:

1: kd> lmvm giveio start end module name 889ff000 889ff680 giveio (deferred) Image path: \SystemRoot\system32\giveio.sys Image name: giveio.sys Timestamp: Wed Apr 03 22:33:25 1996

Known software to associate itself with this driver - ADC Analyzer/SwiftForth/Disspy/SpeedFan. Uninstall whichever you have.

Yeah, I already uninstalled 360AV and replaced it with AVG. I've been using 360 for only a month, wanted to check it out. But the crashes didn't stop.

And about the old driver, I have SpeedFan installed to monitor temperatures as it's very simple and nice. If you could recommend a better one I would be thankful. Best would be to see the temps in the taskbar as I need only a quick look while gaming, but I haven't found such program.

As for the BattleEye driver, well I will stop playing the game :'(

Thank you guys for your time and thorough report and explanation. Keep up the good work.

Patrick · Jan 10, 2015

Yeah, I already uninstalled 360AV and replaced it with AVG.

Did you try it without an antivirus at all, or perhaps with whitelisting it within AVG?

It is not one day old. It can't be as it hasn't been working for me for days.

It was meant that the driver was last updated a day ago, not that the driver itself was actually created a day ago.

And about the old driver, I have SpeedFan installed to monitor temperatures as it's very simple and nice.

Indeed, I've liked SpeedFan myself. I am unsure as to why it's supplying the 1996 driver considering that's not modern behavior for that software. Perhaps you are using a plugin or something of some sort that may have installed that driver? In any case, try an uninstall > reinstall of the latest version. Be sure to restart in between so the driver gets flushed successfully.

Patrick · Jan 10, 2015

Also, would it be at all possible to upload the kernel-dump from the crash for research purposes regarding the driver and why it caused the crash?

It can be located at C:\Windows and named MEMORY.DMP. You'll have to upload it 3rd party as it's too large to locally upload here. You can PM me the link if you don't want it public.

Branchez · Jan 10, 2015

Patrick said:
Did you try it without an antivirus at all, or perhaps with whitelisting it within AVG?

Click to expand...

Yeah I've tried it without AV and still the same thing happened.

Edit:
And what exact file I need to add to whitelist? Just to make sure.

Indeed, I've liked SpeedFan myself. I am unsure as to why it's supplying the 1996 driver considering that's not modern behavior for that software. Perhaps you are using a plugin or something of some sort that may have installed that driver? In any case, try an uninstall > reinstall of the latest version. Be sure to restart in between so the driver gets flushed successfully.

Click to expand...

Yeah I will do that. Thank you.

Patrick said:

Also, would it be at all possible to upload the kernel-dump from the crash for research purposes regarding the driver and why it caused the crash?

It can be located at C:\Windows and named MEMORY.DMP. You'll have to upload it 3rd party as it's too large to locally upload here. You can PM me the link if you don't want it public.

Click to expand...

Well that depends. I have very limited knowledge about this advanced stuff. So I will first need you to explain me why I would not others to see that file.

Patrick · Jan 10, 2015

Quite simply, small memory dumps (one you provided) only contain immediate crash information, such as the parameters/stop code, thread+processes at the time of the crash, and the kernel stack for the thread at the time of the bug check. We can't go any further than that, because it wasn't recorded.

Kernel-dumps however contain read/write pages within physical memory at the time of the crash, which would allow us to then find out things like whether or not edx's contents were actually invalid, what sort of hooking and such BattlEye did (if any at the time of the bug check), etc. It just gives a lot more information.

jcgriff2 · Jan 10, 2015

Branchez said:
jcgriff2 said:

I'm not sure why the driver is a problem, but Windbg tells me it is the definite probable cause.

If the driver is not in the Verifier listing, it likely is not loaded (loaded into RAM). I'm not 100% sure on this.

It is a shame that the company is having issues with a one day old driver.

The answer here lies with the company that wrote the driver, not anywhere else within Windows.

Click to expand...

It is not one day old. It can't be as it hasn't been working for me for days. Except if another driver was the problem before this one.

Strange thing is that the same thing happened to my brother on his PC.

I was merely going by the date on the driver found in the dump - 8 January 2015. I processed the dump on 9 Jan.

From post #2 -

Code:

BEDaisy.sys  Thu [COLOR=#ff0000]Jan 08 [/COLOR]12:47:39 [COLOR=#ff0000]2015 [/COLOR](54AEC2BB)

Please see post #2 - https://www.sysnative.com/forums/bs...-a-specific-game-windows-7-x64.html#post91728

Also, your BSOD occurred on:

Code:

Debug session time: Fri [COLOR=#b22222]Jan  9[/COLOR] 12:08:12.455 [COLOR=#ff0000]2015 [/COLOR](UTC - 5:00)

I don't know how you could have been using that same driver for a few days, assuming the 8 Jan 2015 timestamp on the driver is correct.

The only thing that comes to mind is the possibility of dynamic allocation (driver was allocated on the fly by the app).

Regards. . .

jcgriff2

BSOD only when playing a specific game - Windows 7 x64

Branchez

Member

Attachments

Branchez

Member

jcgriff2

Co-Founder / Admin
BSOD Instructor/Expert
Microsoft MVP (Ret.)

jcgriff2

Co-Founder / Admin
BSOD Instructor/Expert
Microsoft MVP (Ret.)

Branchez

Member

jcgriff2

Co-Founder / Admin
BSOD Instructor/Expert
Microsoft MVP (Ret.)

Patrick

Sysnative Staff

Branchez

Member

Patrick

Sysnative Staff

Patrick

Sysnative Staff

Branchez

Member

Patrick

Sysnative Staff

jcgriff2

Co-Founder / Admin
BSOD Instructor/Expert
Microsoft MVP (Ret.)

BSOD only when playing a specific game - Windows 7 x64

Member

Attachments

Member

Co-Founder / AdminBSOD Instructor/ExpertMicrosoft MVP (Ret.)

Co-Founder / AdminBSOD Instructor/ExpertMicrosoft MVP (Ret.)

Member

Co-Founder / AdminBSOD Instructor/ExpertMicrosoft MVP (Ret.)

Sysnative Staff

Member

Sysnative Staff

Sysnative Staff

Member

Sysnative Staff

Co-Founder / AdminBSOD Instructor/ExpertMicrosoft MVP (Ret.)

Co-Founder / Admin
BSOD Instructor/Expert
Microsoft MVP (Ret.)

Co-Founder / Admin
BSOD Instructor/Expert
Microsoft MVP (Ret.)

Co-Founder / Admin
BSOD Instructor/Expert
Microsoft MVP (Ret.)

Co-Founder / Admin
BSOD Instructor/Expert
Microsoft MVP (Ret.)