Analisando o arquivo de despejo BSOD do Windows 2008 R2 SP1

Eu tenho um problema com um servidor virtual do Windows Server 2008 R2 SP1 em execução no VMWare. O servidor está executando o Citrix e também possui a proteção do Symantec Endpoint instalada. Ele cai aleatoriamente e vai para o BSOD.

Investigar o log de eventos não forneceu nenhuma informação útil sobre a causa da falha. Eu executei o debug do Windows e gerou o relatório mostrado abaixo. Aparentemente, aponta para um driver com falha. O problema é que não consigo identificar qual driver está causando isso. Eu estou querendo saber se alguém pode oferecer alguma ajuda.

----------
## Bugcheck Analysis   ##
SYSTEM_SERVICE_EXCEPTION (3b)
An exception happened while executing a system service routine.
Arguments:
Arg1: 00000000c0000005, Exception code that caused the bugcheck
Arg2: fffff9600008744d, Address of the instruction which caused the bugcheck
Arg3: fffff88007ba3de0, Address of the context record for the exception that caused the bugcheck
Arg4: 0000000000000000, zero.

Debugging Details:
------------------
Page 125923 not present in the dump file. Type ".hh dbgerr004" for details

EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.

FAULTING_IP: 
win32k!xxxInternalInvalidate+7d
fffff960'0008744d f6473208        test    byte ptr [rdi+32h],8

CONTEXT:  fffff88007ba3de0 -- (.cxr 0xfffff88007ba3de0)
rax=0000000000000000 rbx=0000000000010485 rcx=0000000000000000
rdx=0000000000000b02 rsi=0000000000000000 rdi=0000000000000000
rip=fffff9600008744d rsp=fffff88007ba47c0 rbp=0000000000000000
 r8=0000000000010485  r9=0000000000000000 r10=fffff900000004c0
r11=fffff900c26eac30 r12=0000000000000000 r13=0000000000000001
r14=0000000000000000 r15=0000000000000000
iopl=0         nv up ei pl zr na po nc
cs=0010  ss=0018  ds=002b  es=002b  fs=0053  gs=002b             efl=00010246
win32k!xxxInternalInvalidate+0x7d:
fffff960'0008744d f6473208        test    byte ptr [rdi+32h],8 ds:002b:00000000'00000032=??
Resetting default scope

DEFAULT_BUCKET_ID:  WIN7_DRIVER_FAULT

BUGCHECK_STR:  0x3B

PROCESS_NAME:  csrss.exe

CURRENT_IRQL:  0

LAST_CONTROL_TRANSFER:  from fffff960001351a2 to fffff9600008744d

STACK_TEXT:  
fffff880'07ba47c0 fffff960'001351a2 : 00000000'00000000 00000000'00000040 fffffa80'0678d330 00000000'00000000 : win32k!xxxInternalInvalidate+0x7d
fffff880'07ba4840 fffff960'001352a2 : fffffa80'0678d330 00000000'00000000 fffff880'07ba4ca0 fffffa80'06109ab0 : win32k!xxxInternalUserChangeDisplaySettings+0x486
fffff880'07ba4900 fffff960'001330e3 : 00000000'00000000 00000000'00000000 fffff900'c0f9ead0 fffff900'00000040 : win32k!xxxUserChangeDisplaySettings+0x92
fffff880'07ba49f0 fffff960'00115cba : 00000000'00000001 00000000'00aff960 00000000'00000000 ffffffff'ffffffff : win32k!xxxRemoteReconnect+0x6d7
fffff880'07ba4bf0 fffff800'016d9ed3 : fffffa80'06f66b00 fffff880'07ba4ca0 00000000'00000000 00000000'00000000 : win32k!NtUserCallOneParam+0x4e
fffff880'07ba4c20 000007fe'fd1b2aea : 00000000'00000000 00000000'00000000 00000000'00000000 00000000'00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000'00aff918 00000000'00000000 : 00000000'00000000 00000000'00000000 00000000'00000000 00000000'00000000 : 0x000007fe'fd1b2aea


FOLLOWUP_IP: 
win32k!xxxInternalInvalidate+7d
fffff960'0008744d f6473208        test    byte ptr [rdi+32h],8

SYMBOL_STACK_INDEX:  0

SYMBOL_NAME:  win32k!xxxInternalInvalidate+7d

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: win32k

IMAGE_NAME:  win32k.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  50e64bda

STACK_COMMAND:  .cxr 0xfffff88007ba3de0 ; kb

FAILURE_BUCKET_ID:  X64_0x3B_win32k!xxxInternalInvalidate+7d

BUCKET_ID:  X64_0x3B_win32k!xxxInternalInvalidate+7d

Followup: MachineOwner
---------