BSOD help plz

Discussion in 'Software' started by Nightraven, Apr 2, 2011.

  1. Nightraven

    Nightraven Private E-2

    Hey guys I am usually able to figure out my problems on my own, but this one I just can't seem to get.

    The desktop is a Gateway DV model / with Windows Vista Home Premium 64-bit / 6GB Ram (Nothing has been added)

    It is getting a BSOD on start up, pretty much every single time right after entering the password. The bad thing is that it is also happening when trying to go into Safe Mode. In fact I can manage to log into Normal mode for about 10 minutes before it comes up, whereas in Safe Mode I get it before it even loads up.

    So far I have run Memtest86+ without any errors, and have removed the video card from the case.

    I am at a loss, and would really appreciate some help.

    Here are Minidump files from 2 separate occasions

    Attachments: Minidump.zip, Minidump2.zip
     
  2. satrow

    satrow Major Geek Extraordinaire

    I loaded 4 recent dumps into BlueScreenView, they were all the same, 0xa IRQL_NOT_LESS_OR_EQUAL (a) so I ran one through a basic debug.
    Code:
    Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64
    Copyright (c) Microsoft Corporation. All rights reserved.
    
    
    Loading Dump File [C:\Windows\Minidump\Mini033011-18.dmp]
    Mini Kernel Dump File: Only registers and stack trace are available
    
    Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
    Executable search path is: 
    Windows Server 2008/Windows Vista Kernel Version 6002 (Service Pack 2) MP (4 procs) Free x64
    Product: WinNt, suite: TerminalServer SingleUserTS Personal
    Built by: 6002.18267.amd64fre.vistasp2_gdr.100608-0458
    Machine Name:
    Kernel base = 0xfffff800`03218000 PsLoadedModuleList = 0xfffff800`033dcdd0
    Debug session time: Wed Mar 30 23:59:58.537 2011 (UTC + 1:00)
    System Uptime: 0 days 0:01:57.411
    Loading Kernel Symbols
    ...............................................................
    ...................
    Loading User Symbols
    Loading unloaded module list
    .......
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************
    
    Use !analyze -v to get detailed debugging information.
    
    BugCheck A, {fffffa6000567010, c, 0, fffff80003288489}
    
    Probably caused by : win32k.sys ( win32k!NtGdiCloseProcess+1fb )
    
    Followup: MachineOwner
    ---------
    
    2: kd> !analyze -v
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************
    
    IRQL_NOT_LESS_OR_EQUAL (a)
    An attempt was made to access a pageable (or completely invalid) address at an
    interrupt request level (IRQL) that is too high.  This is usually
    caused by drivers using improper addresses.
    If a kernel debugger is available get the stack backtrace.
    Arguments:
    Arg1: fffffa6000567010, memory referenced
    Arg2: 000000000000000c, IRQL
    Arg3: 0000000000000000, bitfield :
    	bit 0 : value 0 = read operation, 1 = write operation
    	bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
    Arg4: fffff80003288489, address which referenced memory
    
    Debugging Details:
    ------------------
    
    
    READ_ADDRESS: GetPointerFromAddress: unable to read from fffff8000343f080
     fffffa6000567010 
    
    CURRENT_IRQL:  c
    
    FAULTING_IP: 
    nt!IopCompleteRequest+e69
    fffff800`03288489 488b4a10        mov     rcx,qword ptr [rdx+10h]
    
    CUSTOMER_CRASH_COUNT:  18
    
    DEFAULT_BUCKET_ID:  COMMON_SYSTEM_FAULT
    
    BUGCHECK_STR:  0xA
    
    PROCESS_NAME:  AtBroker.exe
    
    IRP_ADDRESS:  ffffffffffffff89
    
    TRAP_FRAME:  fffffa6005983320 -- (.trap 0xfffffa6005983320)
    NOTE: The trap frame does not contain all registers.
    Some register values may be zeroed or incorrect.
    rax=fffffa60059833d8 rbx=0000000000000000 rcx=fffffa60019637f0
    rdx=fffffa6000567000 rsi=0000000000000000 rdi=0000000000000000
    rip=fffff80003288489 rsp=fffffa60059834b0 rbp=fffffa8005b13b28
     r8=fffffa8005ae7520  r9=fffffa60059835a0 r10=fffffa8003666590
    r11=fffffa8005af1570 r12=0000000000000000 r13=0000000000000000
    r14=0000000000000000 r15=0000000000000000
    iopl=0         nv up ei pl nz na po nc
    nt!IopCompleteRequest+0xe69:
    fffff800`03288489 488b4a10        mov     rcx,qword ptr [rdx+10h] ds:5900:fffffa60`00567010=????????????????
    Resetting default scope
    
    LAST_CONTROL_TRANSFER:  from fffff8000327226e to fffff800032724d0
    
    STACK_TEXT:  
    fffffa60`059831d8 fffff800`0327226e : 00000000`0000000a fffffa60`00567010 00000000`0000000c 00000000`00000000 : nt!KeBugCheckEx
    fffffa60`059831e0 fffff800`0327114b : 00000000`00000000 fffffa80`023f77b0 00000000`00000011 fffffa80`05b13ab0 : nt!KiBugCheckDispatch+0x6e
    fffffa60`05983320 fffff800`03288489 : fffffa60`059835d0 fffffa80`05afe060 00000000`00000000 00000000`00000001 : nt!KiPageFault+0x20b
    fffffa60`059834b0 fffff800`03293bbe : 00000000`00000001 fffffa80`05afe060 fffffa60`05983610 fffff960`0012015d : nt!IopCompleteRequest+0xe69
    fffffa60`05983570 fffff800`03297613 : fffffa60`05983690 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiDeliverApc+0x19e
    fffffa60`05983610 fffff960`0012a24b : 00000000`00000000 00000000`00000000 00000000`00000001 fffff900`00000001 : nt!KiApcInterrupt+0x103
    fffffa60`059837a0 fffff960`0011e924 : 00000000`00000000 fffff800`034bf300 fffff900`c09132b0 fffffa80`05b36c10 : win32k!NtGdiCloseProcess+0x1fb
    fffffa60`05983800 fffff960`0011e19b : 00000000`00000000 fffff900`c09132b0 00000000`00000000 fffff800`034bf3e0 : win32k!GdiProcessCallout+0x1f4
    fffffa60`05983880 fffff800`034cb5f4 : 00000000`00000000 00000000`00000000 00000000`00000000 fffffa80`05afe060 : win32k!W32pProcessCallout+0x6f
    fffffa60`059838b0 fffff800`034bf3fd : fffffa60`00000001 fffff800`034d9301 00000000`00000000 fffffa80`78457350 : nt!PspExitThread+0x41c
    fffffa60`059839a0 fffff800`03293e61 : fffffa60`05983a01 fffffa80`0501d210 00000000`00000000 00000000`00000000 : nt!PsExitSpecialApc+0x1d
    fffffa60`059839d0 fffff800`03297785 : fffffa60`05983ca0 fffffa60`05983a70 fffff800`034bf410 00000000`00000001 : nt!KiDeliverApc+0x441
    fffffa60`05983a70 fffff800`0327201d : fffff880`009490d8 fffffa80`05afa300 fffffa80`05ad5960 00000000`00000000 : nt!KiInitiateUserApc+0x75
    fffffa60`05983bb0 00000000`7773704a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceExit+0xa2
    00000000`027bf048 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x7773704a
    
    
    STACK_COMMAND:  kb
    
    FOLLOWUP_IP: 
    win32k!NtGdiCloseProcess+1fb
    fffff960`0012a24b 7427            je      win32k!NtGdiCloseProcess+0x224 (fffff960`0012a274)
    
    SYMBOL_STACK_INDEX:  6
    
    SYMBOL_NAME:  win32k!NtGdiCloseProcess+1fb
    
    FOLLOWUP_NAME:  MachineOwner
    
    MODULE_NAME: win32k
    
    IMAGE_NAME:  win32k.sys
    
    DEBUG_FLR_IMAGE_TIMESTAMP:  4cbc66de
    
    FAILURE_BUCKET_ID:  X64_0xA_win32k!NtGdiCloseProcess+1fb
    
    BUCKET_ID:  X64_0xA_win32k!NtGdiCloseProcess+1fb
    
    Followup: MachineOwner
    ---------
    
    2: kd> lmvm win32k
    start             end                 module name
    fffff960`00060000 fffff960`00314000   win32k     (pdb symbols)          c:\symbols\win32k.pdb\AF8D1961615C4BAFA784949BC350E9A12\win32k.pdb
        Loaded symbol image file: win32k.sys
        Mapped memory image file: c:\symbols\win32k.sys\4CBC66DE2b4000\win32k.sys
        Image path: \SystemRoot\System32\win32k.sys
        Image name: win32k.sys
        Timestamp:        Mon Oct 18 16:25:18 2010 (4CBC66DE)
        CheckSum:         002A9B0D
        ImageSize:        002B4000
        File version:     6.0.6002.18328
        Product version:  6.0.6002.18328
        File flags:       0 (Mask 3F)
        File OS:          40004 NT Win32
        File type:        3.7 Driver
        File date:        00000000.00000000
        Translations:     0409.04b0
        CompanyName:      Microsoft Corporation
        ProductName:      Microsoft® Windows® Operating System
        InternalName:     win32k.sys
        OriginalFilename: win32k.sys
        ProductVersion:   6.0.6002.18328
        FileVersion:      6.0.6002.18328 (vistasp2_gdr.101018-0336)
        FileDescription:  Multi-User Win32 Driver
        LegalCopyright:   © Microsoft Corporation. All rights reserved.
    It appears to be blaming a standard Windows driver - it's very unlikely to be that.

    There are some old drivers that need removing or updating:
    sptd.sys = Daemon Tools, update or uninstall
    aew6kdz1.SYS = NO DATA FOUND ON THIS FILE!!!

    It's highly likely that the strange file is malware and is at the root of this. If you boot to Safe Mode, log out as soon as you are able to; this might block the loading of the driver and enable you to log back in, then search for and disable (rename to .OLD) it. Give it a try and report back please.
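    The triage in the reply above is mechanical enough to script. The helper below is an added example, not code from the thread and not part of WinDbg or BlueScreenView: it pulls the fields that were compared across the four dumps (bugcheck code, parameters, blamed module, process, failure bucket) out of `!analyze -v` text, decodes the four 0xA parameters using the meanings WinDbg prints for them, and reads the `lmvm` CompanyName so that a Microsoft module such as win32k.sys is flagged as an unlikely culprit rather than the cause. The embedded `SAMPLE` is a constructed excerpt assembled from the output quoted above; the IRQL names for levels 0 to 2 are the standard Windows ones, anything higher is reported only as a device interrupt level.

```python
import re
from collections import Counter

# Constructed excerpt of a WinDbg "!analyze -v" / "lmvm" session, assembled
# from the output quoted in the reply above (values copied from that post).
SAMPLE = """\
BugCheck A, {fffffa6000567010, c, 0, fffff80003288489}

Probably caused by : win32k.sys ( win32k!NtGdiCloseProcess+1fb )

IRQL_NOT_LESS_OR_EQUAL (a)
Arguments:
Arg1: fffffa6000567010, memory referenced
Arg2: 000000000000000c, IRQL
Arg3: 0000000000000000, bitfield :
Arg4: fffff80003288489, address which referenced memory

CURRENT_IRQL:  c

FAULTING_IP: 
nt!IopCompleteRequest+e69

PROCESS_NAME:  AtBroker.exe

FAILURE_BUCKET_ID:  X64_0xA_win32k!NtGdiCloseProcess+1fb

2: kd> lmvm win32k
    Image name: win32k.sys
    File version:     6.0.6002.18328
    CompanyName:      Microsoft Corporation
"""

# Standard Windows IRQL names; everything above 2 is a device interrupt level.
IRQL_NAMES = {0: "PASSIVE_LEVEL", 1: "APC_LEVEL", 2: "DISPATCH_LEVEL"}


def parse_analyze(text):
    """Extract the fields a triager compares across dumps from !analyze -v text."""
    fields = {}
    m = re.search(r"^BugCheck ([0-9A-Fa-f]+), \{([^}]*)\}", text, re.M)
    if m:
        fields["bugcheck"] = int(m.group(1), 16)
        fields["args"] = [int(a.strip(), 16) for a in m.group(2).split(",")]
    m = re.search(r"^Probably caused by : (\S+)", text, re.M)
    if m:
        fields["probably_caused_by"] = m.group(1)
    for key in ("PROCESS_NAME", "FAILURE_BUCKET_ID", "CURRENT_IRQL",
                "MODULE_NAME", "IMAGE_NAME"):
        m = re.search(r"^%s:\s*(\S+)" % key, text, re.M)
        if m:
            fields[key.lower()] = m.group(1)
    # FAULTING_IP puts the symbol on the line after the label.
    m = re.search(r"^FAULTING_IP:\s*\n(\S+)", text, re.M)
    if m:
        fields["faulting_ip"] = m.group(1)
    return fields


def decode_bugcheck_a(args):
    """Interpret the four 0xA parameters as WinDbg's own description states them:
    Arg1 address, Arg2 IRQL, Arg3 bitfield (bit 0 write, bit 3 execute), Arg4 PC."""
    addr, irql, bits, pc = args
    return {
        "memory_referenced": addr,
        "irql": irql,
        "irql_class": IRQL_NAMES.get(irql, "above DISPATCH_LEVEL (device interrupt level)"),
        "operation": "execute" if bits & 8 else ("write" if bits & 1 else "read"),
        "address_which_referenced": pc,
    }


def parse_lmvm(text):
    """Collect the 'key: value' lines of an lmvm block into a dict."""
    info = {}
    for key in ("Image name", "File version", "CompanyName", "Timestamp"):
        m = re.search(r"^\s*%s:\s*(.+?)\s*$" % re.escape(key), text, re.M)
        if m:
            info[key] = m.group(1)
    return info


def triage(text):
    """One structured record per dump: parsed fields, decoded 0xA parameters,
    and whether the blamed module is Microsoft's (a victim far more often
    than a cause, which is the call the reply above makes for win32k.sys)."""
    report = parse_analyze(text)
    if report.get("bugcheck") == 0xA and len(report.get("args", [])) == 4:
        report["decoded"] = decode_bugcheck_a(report["args"])
    report["module"] = parse_lmvm(text)
    report["blamed_module_is_microsoft"] = "Microsoft" in report["module"].get("CompanyName", "")
    return report


def bucket_counts(dump_texts):
    """Count FAILURE_BUCKET_IDs over several dumps; one bucket repeating is the
    signal that the same fault recurs, as with the four dumps in this thread."""
    return Counter(parse_analyze(t).get("failure_bucket_id", "<none>") for t in dump_texts)


if __name__ == "__main__":
    for k, v in triage(SAMPLE).items():
        print("%-28s %s" % (k, v))
    print(bucket_counts([SAMPLE, SAMPLE]))
```

    Feed it the text of each dump's `!analyze -v` output in turn and the bucket counter tells you at a glance whether you are chasing one fault or several; the `blamed_module_is_microsoft` flag is only a hint that the culprit is probably further down the loaded-driver list, which is exactly where the reply above went next.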
     
  3. Nightraven

    Nightraven Private E-2

    Which files would you like me to change the extension to .OLD?
     
  4. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

  5. Nightraven

    Nightraven Private E-2

    Can you please help me to be able to change the names of the files? It won't let me, and I am the administrator. I gave full permission for the entire drive to myself, but it said I can't have permission to the Windows folder.
     
  6. Nightraven

    Nightraven Private E-2

    Never mind, I figured it out.
     
