
Repeated BSOD on Server 2003


Hello,

I've been getting repeated BSODs on a 2003 server.  Below are the messages recovered from the memory.dmp file but I'm not coming to any conclusive diagnosis.  

Thank you for your help in advance.

******************************************************************************* 
* * 
* Bugcheck Analysis * 
* * 
*******************************************************************************

IRQL_NOT_LESS_OR_EQUAL (a) 
An attempt was made to access a pageable (or completely invalid) address at an 
interrupt request level (IRQL) that is too high. This is usually 
caused by drivers using improper addresses. 
If a kernel debugger is available get the stack backtrace. 
Arguments: 
Arg1: 00000050, memory referenced 
Arg2: d000001b, IRQL 
Arg3: 00000001, bitfield : 
bit 0 : value 0 = read operation, 1 = write operation 
bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status) 
Arg4: 8083d68d, address which referenced memory

Debugging Details: 
------------------

WRITE_ADDRESS: 00000050

CURRENT_IRQL: 1b

FAULTING_IP: 
nt!KiUnwaitThread+8 
8083d68d 095650 or dword ptr [esi+50h],edx

DEFAULT_BUCKET_ID: DRIVER_FAULT

BUGCHECK_STR: 0xA

PROCESS_NAME: Idle

TRAP_FRAME: f78b28fc -- (.trap 0xfffffffff78b28fc) 
ErrCode = 00000002 
eax=ff1db0c8 ebx=00000001 ecx=00000000 edx=00000100 esi=00000000 edi=ff9f4b2c 
eip=8083d68d esp=f78b2970 ebp=f78b2974 iopl=0 nv up ei ng nz ac pe cy 
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010297 
nt!KiUnwaitThread+0x8: 
8083d68d 095650 or dword ptr [esi+50h],edx ds:0023:00000050=???????? 
Resetting default scope

LAST_CONTROL_TRANSFER: from 8083d68d to 80836e57

STACK_TEXT: 
f78b28fc 8083d68d badb0d00 00000100 00000000 nt!KiTrap0E+0x2a7 
f78b2974 80842839 00000001 ff9f4b24 ff204498 nt!KiUnwaitThread+0x8 
f78b2990 b92b7b12 029f4b24 00000001 00000000 nt!KeSetEvent+0x67 
f78b29b4 8083fff5 00000000 ff2045c0 02204498 TDTCP!_TdReadCompleteRoutine+0x8c 
f78b29e4 b97f6a09 82ada6a8 827dc008 827dc00c nt!IopfCompleteRequest+0xcd 
f78b29fc b97fdd97 ff2044b8 00000000 000001bd tcpip!TCPDataRequestComplete+0xa6 
f78b2a48 b97f5994 00000000 00000002 00000000 tcpip!CompleteRcvs+0x1fb 
f78b2a84 b97f5cfc 00000002 00000002 f78b2ab0 tcpip!ProcessPerCpuTCBDelayQ+0xee 
f78b2ab8 b97ff0ff 00000002 b97ff000 b97f644f tcpip!ProcessTCBDelayQ+0xc2 
f78b2ac4 b97f644f 88a57428 00000000 b97f646c tcpip!TCPRcvComplete+0x20 
f78b2ad0 b97f646c 00000000 f71fc405 88bc5008 tcpip!IPRcvComplete+0x21 
f78b2ad8 f71fc405 88bc5008 f78b2c4c 89773690 tcpip!ARPRcvComplete+0x42 
f78b2b28 bad5c536 898ed3f8 f78b2b40 00000001 NDIS!ethFilterDprIndicateReceivePacket+0x6a0 
WARNING: Stack unwind information not available. Following frames may be wrong. 
f78b2c18 bad5c59f 897738c8 00000000 89b38010 bxnd52x+0x8536 
f78b2c30 f72a6f7c 89773690 f78b2c4c 00000000 bxnd52x+0x859f 
f78b2c58 f72a719b 89b38010 00000000 f78b2cb0 bxvbdx+0x5f7c 
f78b2c84 f72a7276 89770000 89b382a8 f78b2ca4 bxvbdx+0x619b 
f78b2cc0 f72a75fa 352b3f81 89b38010 00000902 bxvbdx+0x6276 
f78b2cd8 f72a7716 89b38010 f772fa40 89b3a258 bxvbdx+0x65fa 
f78b2cf8 8083d9da 89b3a258 89b38010 00000000 bxvbdx+0x6716 
f78b2d50 80839b9f 00000000 0000000e 00000000 nt!KiRetireDpcList+0xca 
f78b2d54 00000000 0000000e 00000000 00000000 nt!KiIdleLoop+0x37

STACK_COMMAND: kb

FOLLOWUP_IP: 
TDTCP!_TdReadCompleteRoutine+8c 
b92b7b12 8a5513 mov dl,byte ptr [ebp+13h]

SYMBOL_STACK_INDEX: 3

SYMBOL_NAME: TDTCP!_TdReadCompleteRoutine+8c

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: TDTCP

IMAGE_NAME: TDTCP.SYS

DEBUG_FLR_IMAGE_TIMESTAMP: 45d69640

FAILURE_BUCKET_ID: 0xA_TDTCP!_TdReadCompleteRoutine+8c

BUCKET_ID: 0xA_TDTCP!_TdReadCompleteRoutine+8c

Followup: MachineOwner 
---------

=====================SECOND BSOD Dump Recovery

Microsoft (R) Windows Debugger Version 6.12.0002.633 X86 
Copyright (c) Microsoft Corporation. All rights reserved.

Loading Dump File [C:\WINDOWS\MEMORY.DMP] 
Kernel Summary Dump File: Only kernel address space is available

Symbol search path is: srv*;C:\WINDOWS\Symbols 
Executable search path is: 
Windows Server 2003 Kernel Version 3790 (Service Pack 2) MP (4 procs) Free x86 compatible 
Product: Server, suite: TerminalServer SingleUserTS 
Built by: 3790.srv03_sp2_gdr.120821-0338 
Machine Name: 
Kernel base = 0x80800000 PsLoadedModuleList = 0x808af9c8 
Debug session time: Wed Dec 5 05:43:53.622 2012 (UTC - 8:00) 
System Uptime: 18 days 10:28:48.747 
Loading Kernel Symbols 
............................................................... 
............................................... 
Loading User Symbols 
PEB is paged out (Peb.Ldr = 7ffda00c). Type ".hh dbgerr001" for details 
Loading unloaded module list 
..... 
******************************************************************************* 
* * 
* Bugcheck Analysis * 
* * 
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck A, {ffbdef08, d000001b, 0, 80854213}

Probably caused by : ntkrnlmp.exe ( nt!KeQueryValuesProcess+9b )

Followup: MachineOwner 
---------

2: kd> 
2: kd> !analyze -v 
******************************************************************************* 
* * 
* Bugcheck Analysis * 
* * 
*******************************************************************************

IRQL_NOT_LESS_OR_EQUAL (a) 
An attempt was made to access a pageable (or completely invalid) address at an 
interrupt request level (IRQL) that is too high. This is usually 
caused by drivers using improper addresses. 
If a kernel debugger is available get the stack backtrace. 
Arguments: 
Arg1: ffbdef08, memory referenced 
Arg2: d000001b, IRQL 
Arg3: 00000000, bitfield : 
bit 0 : value 0 = read operation, 1 = write operation 
bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status) 
Arg4: 80854213, address which referenced memory

Debugging Details: 
------------------

READ_ADDRESS: ffbdef08 Nonpaged pool expansion

CURRENT_IRQL: 1b

FAULTING_IP: 
nt!KeQueryValuesProcess+9b 
80854213 0358b8 add ebx,dword ptr [eax-48h]

DEFAULT_BUCKET_ID: DRIVER_FAULT

BUGCHECK_STR: 0xA

PROCESS_NAME: ReportingServic

TRAP_FRAME: b79108dc -- (.trap 0xffffffffb79108dc) 
ErrCode = 00000000 
eax=ffbdef50 ebx=00000007 ecx=827dadd8 edx=00000011 esi=827dad88 edi=b7910980 
eip=80854213 esp=b7910950 ebp=b7910968 iopl=0 nv up ei pl nz ac pe nc 
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010216 
nt!KeQueryValuesProcess+0x9b: 
80854213 0358b8 add ebx,dword ptr [eax-48h] ds:0023:ffbdef08=???????? 
Resetting default scope

LAST_CONTROL_TRANSFER: from 80854213 to 80836e57

STACK_TEXT: 
b79108dc 80854213 badb0d00 00000011 0000000e nt!KiTrap0E+0x2a7 
b7910968 809426de 00000000 b7910980 00000000 nt!KeQueryValuesProcess+0x9b 
b79109c0 80854358 b5a0e418 827dad88 80842700 nt!ExpCopyProcessInfo+0xcf 
b7910a58 80942777 199b6b70 0003c000 00000000 nt!ExpGetProcessInformation+0x107 
b7910d4c 80833c2f 00000005 199b6b70 0003c000 nt!NtQuerySystemInformation+0x11e0 
b7910d4c 7c82845c 00000005 199b6b70 0003c000 nt!KiFastCallEntry+0xfc 
WARNING: Frame IP not in any known module. Following frames may be wrong. 
1bf9f4b8 00000000 00000000 00000000 00000000 0x7c82845c

STACK_COMMAND: kb

FOLLOWUP_IP: 
nt!KeQueryValuesProcess+9b 
80854213 0358b8 add ebx,dword ptr [eax-48h]

SYMBOL_STACK_INDEX: 1

SYMBOL_NAME: nt!KeQueryValuesProcess+9b

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: nt

IMAGE_NAME: ntkrnlmp.exe

DEBUG_FLR_IMAGE_TIMESTAMP: 50339f35

FAILURE_BUCKET_ID: 0xA_nt!KeQueryValuesProcess+9b

BUCKET_ID: 0xA_nt!KeQueryValuesProcess+9b

Followup: MachineOwner 
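
A triage helper for `!analyze -v` output like the two dumps above, added here as an example and not part of the original post. It decodes the bugcheck 0xA arguments using the bit meanings the dump prints, finds the first stack frame outside `nt` (index 3, `TDTCP`, which agrees with `SYMBOL_STACK_INDEX: 3`), and lists modules that resolve only as module+offset. The function names, the sample excerpt and the 64 KB near-null threshold are assumptions of this example.

```python
import re

# Constructed sample: an excerpt of the first dump in the post (some frames omitted).
SAMPLE = """\
Arg1: 00000050, memory referenced
Arg2: d000001b, IRQL
Arg3: 00000001, bitfield :
Arg4: 8083d68d, address which referenced memory
STACK_TEXT:
f78b28fc 8083d68d badb0d00 00000100 00000000 nt!KiTrap0E+0x2a7
f78b2974 80842839 00000001 ff9f4b24 ff204498 nt!KiUnwaitThread+0x8
f78b2990 b92b7b12 029f4b24 00000001 00000000 nt!KeSetEvent+0x67
f78b29b4 8083fff5 00000000 ff2045c0 02204498 TDTCP!_TdReadCompleteRoutine+0x8c
f78b2b28 bad5c536 898ed3f8 f78b2b40 00000001 NDIS!ethFilterDprIndicateReceivePacket+0x6a0
WARNING: Stack unwind information not available. Following frames may be wrong.
f78b2c18 bad5c59f 897738c8 00000000 89b38010 bxnd52x+0x8536
f78b2c58 f72a719b 89b38010 00000000 f78b2cb0 bxvbdx+0x5f7c
"""

ARG_RE = re.compile(r"^Arg([1-4]):\s*([0-9a-fA-F]{8})", re.M)
# Five hex columns (ChildEBP, RetAddr, three args), then module[!symbol]+0xoffset.
FRAME_RE = re.compile(
    r"^(?:[0-9a-f]{8} ){5}([^\s!+]+)(![^\s+]+)?\+0x[0-9a-f]+[ \t]*$", re.M)

def decode_bugcheck_a(text):
    """Decode the four 0xA arguments using the bit meanings printed in the dump."""
    a = {int(n): int(v, 16) for n, v in ARG_RE.findall(text)}
    op = "execute" if a[3] & 0x8 else ("write" if a[3] & 0x1 else "read")
    return {"address": a[1], "operation": op, "faulting_ip": a[4],
            # Heuristic (assumption): first 64 KB means NULL base plus field offset.
            "near_null": a[1] < 0x10000}

def frames(text):
    """Return (module, has_symbol) for each stack frame, top of stack first."""
    return [(m.group(1), m.group(2) is not None) for m in FRAME_RE.finditer(text)]

def first_frame_outside(text, kernel="nt"):
    """Index and module of the first frame that is not in the kernel image."""
    for i, (mod, _) in enumerate(frames(text)):
        if mod != kernel:
            return i, mod
    return None

def modules_without_symbols(text):
    """Modules that appear only as module+offset, in stack order, de-duplicated."""
    return list(dict.fromkeys(mod for mod, sym in frames(text) if not sym))

if __name__ == "__main__":
    print(decode_bugcheck_a(SAMPLE), first_frame_outside(SAMPLE), modules_without_symbols(SAMPLE))
```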

