View Single Post
31 Jan 2011  

Windows 7 Ultimate x64 SP1

For troubleshooting purpose I would recommend you to uninstall McAfee and replace it with MSE. You may go back later after the BSOD have gone.

Perform check disk:
Right click cmd.exe → run as admin → chkdsk /r /f

Update these drivers:
pcouffin.sys Tue Dec 05 06:39:30 2006 → low level access layer for CD devices (A part of many different CD/DVD burning programs)
mdmxsdk.sys  Mon Jun 19 14:27:26 2006 → Conexant Modem Diagnostic Interface x86 Driver
wacommousefilter.sys Fri Feb 16 10:12:17 2007 → Wacom(tablet) Mouse Filter
SynTP.sys    Thu Jun 18 19:33:58 2009 → Synaptic Touch Pad Driver
RTKVHD64.sys Wed Aug 05 02:46:28 2009 → Realtek HD Audio
athrx.sys    Wed Jul 08 17:49:13 2009 → Atheros Network Adapter
AtiHdmi.sys  Fri Jun 05 01:31:42 2009 → ATI driver
atikmdag.sys Thu Jul 02 10:45:07 2009 → ATI driver
Windows 7 Kernel Version 7600 MP (2 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 7600.16617.amd64fre.win7_gdr.100618-1621
Machine Name:
Kernel base = 0xfffff800`03600000 PsLoadedModuleList = 0xfffff800`0383de50
Debug session time: Mon Jan 31 18:21:30.886 2011 (GMT-8)
System Uptime: 0 days 0:07:34.617
Loading Kernel Symbols
Loading User Symbols
Loading unloaded module list
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *

Use !analyze -v to get detailed debugging information.

BugCheck 1E, {ffffffffc0000005, fffff88001224d16, 0, ffffffffffffffff}

Probably caused by : Ntfs.sys ( Ntfs!TxfLookupAclForTransaction+26 )

Followup: MachineOwner

1: kd> !analyze -v
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *

This is a very common bugcheck.  Usually the exception address pinpoints
the driver/function that caused the problem.  Always note this address
as well as the link date of the driver/image that contains this address.
Arg1: ffffffffc0000005, The exception code that was not handled
Arg2: fffff88001224d16, The address that the exception occurred at
Arg3: 0000000000000000, Parameter 0 of the exception
Arg4: ffffffffffffffff, Parameter 1 of the exception

Debugging Details:

EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".

fffff880`01224d16 488b8988000000  mov     rcx,qword ptr [rcx+88h]

EXCEPTION_PARAMETER1:  0000000000000000

EXCEPTION_PARAMETER2:  ffffffffffffffff

READ_ADDRESS: GetPointerFromAddress: unable to read from fffff800038a80e0




PROCESS_NAME:  sdclt.exe


EXCEPTION_RECORD:  fffff8800233b0f8 -- (.exr 0xfffff8800233b0f8)
ExceptionAddress: fffff88001224d16 (Ntfs!TxfLookupAclForTransaction+0x0000000000000026)
   ExceptionCode: c0000005 (Access violation)
  ExceptionFlags: 00000000
NumberParameters: 2
   Parameter[0]: 0000000000000000
   Parameter[1]: ffffffffffffffff
Attempt to read from address ffffffffffffffff

TRAP_FRAME:  fffff8800233b1a0 -- (.trap 0xfffff8800233b1a0)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=fffff8800233b358 rbx=0000000000000000 rcx=7b8948cd8b48fffb
rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000
rip=fffff88001224d16 rsp=fffff8800233b330 rbp=0000000000000000
 r8=fffff8a000000200  r9=fffff8800233b3d0 r10=fffff880075ec870
r11=fffff8800233b710 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0         nv up ei ng nz na po nc
fffff880`01224d16 488b8988000000  mov     rcx,qword ptr [rcx+88h] ds:c123:7b8948cd`8b490083=????????????????
Resetting default scope

LAST_CONTROL_TRANSFER:  from fffff800036aaa39 to fffff80003670740

fffff880`0233a928 fffff800`036aaa39 : 00000000`0000001e ffffffff`c0000005 fffff880`01224d16 00000000`00000000 : nt!KeBugCheckEx
fffff880`0233a930 fffff800`0366fd82 : fffff880`0233b0f8 fffffa80`03f1f9c0 fffff880`0233b1a0 00000000`00000000 : nt!KiDispatchException+0x1b9
fffff880`0233afc0 fffff800`0366e68a : fffffa80`03f1bb68 fffffa80`047fe1b0 fffffa80`03f1b780 fffff880`00fd3f37 : nt!KiExceptionDispatch+0xc2
fffff880`0233b1a0 fffff880`01224d16 : fffff8a0`0027c5c0 fffff880`075ec870 fffff880`0233b710 fffff8a0`0b9216a0 : nt!KiGeneralProtectionFault+0x10a
fffff880`0233b330 fffff880`012cad6b : fffffa80`03f1f9c0 00000000`00000000 00000000`00000000 00000000`00000000 : Ntfs!TxfLookupAclForTransaction+0x26
fffff880`0233b360 fffff880`012cc9e7 : fffffa80`03f1f9c0 00000000`00000000 fffff8a0`00000200 00000000`00100021 : Ntfs!TxfAccessCheck+0x5b
fffff880`0233b4d0 fffff880`012bb573 : fffffa80`01ea1c80 fffff880`075ec1e0 fffff8a0`00000200 fffff8a0`0027c5c0 : Ntfs!NtfsAccessCheck+0x1b7
fffff880`0233b6b0 00000000`00000000 : 00000000`00000000 fffff8a0`0b310000 00000000`00000002 00000000`00000000 : Ntfs!NtfsCheckExistingFile+0xc3


fffff880`01224d16 488b8988000000  mov     rcx,qword ptr [rcx+88h]


SYMBOL_NAME:  Ntfs!TxfLookupAclForTransaction+26

FOLLOWUP_NAME:  MachineOwner


IMAGE_NAME:  Ntfs.sys


FAILURE_BUCKET_ID:  X64_0x1E_Ntfs!TxfLookupAclForTransaction+26

BUCKET_ID:  X64_0x1E_Ntfs!TxfLookupAclForTransaction+26

Followup: MachineOwner

1: kd> lmvm Ntfs
start             end                 module name
fffff880`0121c000 fffff880`013bf000   Ntfs       (pdb symbols)          c:\windows\symbols\ntfs.pdb\A3FA3C11632A4FC09223AB611D6EFF7F2\ntfs.pdb
    Loaded symbol image file: Ntfs.sys
    Mapped memory image file: C:\Windows\Symbols\Ntfs.sys\4A5BC14F1a3000\Ntfs.sys
    Image path: \SystemRoot\System32\Drivers\Ntfs.sys
    Image name: Ntfs.sys
    Timestamp:        Mon Jul 13 16:20:47 2009 (4A5BC14F)
    CheckSum:         00195F88
    ImageSize:        001A3000
    File version:     6.1.7600.16385
    Product version:  6.1.7600.16385
    File flags:       0 (Mask 3F)
    File OS:          40004 NT Win32
    File type:        3.7 Driver
    File date:        00000000.00000000
    Translations:     0409.04b0
    CompanyName:      Microsoft Corporation
    ProductName:      Microsoft® Windows® Operating System
    InternalName:     ntfs.sys
    OriginalFilename: ntfs.sys
    ProductVersion:   6.1.7600.16385
    FileVersion:      6.1.7600.16385 (win7_rtm.090713-1255)
    FileDescription:  NT File System Driver
    LegalCopyright:   © Microsoft Corporation. All rights reserved.
My System SpecsSystem Spec