BSOD: ntkrpamp.exe at fault

**longint** · 30-08-2010

Greetings. I know how to view kernel dumps on Windows but I don't know very much about interpreting them. Obviously, the dump below indicates ntkrpamp.exe as being the problematic executable. I don't know what the flagged memory addresses mean or anything about the stack dump. Reading the dump itself leads me to believe it's not exactly possible to pinpoint the specific cause. However, I've been reading other threads similar to this issue and suggestions were made that this can be the result of anti-virus software or corrupted virtual memory.

Is anyone able to break this dump down and help me understand it better?

Code:

Microsoft (R) Windows Debugger Version 6.12.0002.633 X86
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Documents and Settings\Chris\Desktop\MEMORY.DMP]
Kernel Summary Dump File: Only kernel address space is available

Symbol search path is: C:\Windows\Symbols
Executable search path is: 
Windows XP Kernel Version 2600 (Service Pack 3) MP (8 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 2600.xpsp.080413-2111
Machine Name:
Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055d720
Debug session time: Mon Aug 30 01:54:28.515 2010 (UTC - 4:00)
System Uptime: 0 days 0:55:50.135
Loading Kernel Symbols
...............................................................
............................................
Loading User Symbols

Loading unloaded module list
..............
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck A, {968baa0, 1c, 0, 80502cb7}

Probably caused by : ntkrpamp.exe ( nt!KiUnlinkThread+7 )

Followup: MachineOwner
---------

0: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high.  This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: 0968baa0, memory referenced
Arg2: 0000001c, IRQL
Arg3: 00000000, bitfield :
        bit 0 : value 0 = read operation, 1 = write operation
        bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: 80502cb7, address which referenced memory

Debugging Details:
------------------


READ_ADDRESS:  0968baa0 

CURRENT_IRQL:  1c

FAULTING_IP: 
nt!KiUnlinkThread+7
80502cb7 8b10            mov     edx,dword ptr [eax]

DEFAULT_BUCKET_ID:  DRIVER_FAULT

BUGCHECK_STR:  0xA

PROCESS_NAME:  Idle

TRAP_FRAME:  8055123c -- (.trap 0xffffffff8055123c)
ErrCode = 00000000
eax=0968baa0 ebx=8968bae0 ecx=8968b9e8 edx=00000102 esi=8968b9e8 edi=00000000
eip=80502cb7 esp=805512b0 ebp=805512c4 iopl=0         nv up ei pl nz na po nc
cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00010202
nt!KiUnlinkThread+0x7:
80502cb7 8b10            mov     edx,dword ptr [eax]  ds:0023:0968baa0=????????
Resetting default scope

LAST_CONTROL_TRANSFER:  from 80502cb7 to 805446e0

STACK_TEXT:  
8055123c 80502cb7 badb0d00 00000102 89075020 nt!KiTrap0E+0x238
805512b0 80502d1e 8968bad8 8968bae0 00000102 nt!KiUnlinkThread+0x7
805512c4 80502f15 00000000 805512e0 00000000 nt!KiUnwaitThread+0x12
805512f0 8050212e ccd654bc 00000088 80551418 nt!KiWaitTest+0xab
805513fc 8050231b 8055c0c0 ffdff9c0 ffdff000 nt!KiTimerListExpire+0x7a
80551428 80545e6f 8055c4c0 00000000 00034588 nt!KiTimerExpiration+0xb1
80551450 80545d54 00000000 0000000e 00000000 nt!KiRetireDpcList+0x61
80551454 00000000 0000000e 00000000 00000000 nt!KiIdleLoop+0x28


STACK_COMMAND:  kb

FOLLOWUP_IP: 
nt!KiUnlinkThread+7
80502cb7 8b10            mov     edx,dword ptr [eax]

SYMBOL_STACK_INDEX:  1

SYMBOL_NAME:  nt!KiUnlinkThread+7

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: nt

IMAGE_NAME:  ntkrpamp.exe

DEBUG_FLR_IMAGE_TIMESTAMP:  4802516a

FAILURE_BUCKET_ID:  0xA_nt!KiUnlinkThread+7

BUCKET_ID:  0xA_nt!KiUnlinkThread+7

Followup: MachineOwner
---------

**Solomon** · 31-08-2010

It is possible that you are a problem with the sound card if it is not an integrated card is the motherboard and it puts you in error and restart the PC. Try is at this time to remove the card and pass it on the other motherboard. Try to use the software RegistryBooster. If this also does not work then try to run Windows Update and then check back.