BSOD

djrraz · 09 Aug 2010

I get random BSOD with windows seven

Is Windows 7 . . .
- x64
- the original installed OS on the system? Yes
- an OEM or full retail version? Full Retail from msndaa
- OEM = came pre-installed on system
- Full Retail = you purchased it from retailer

- What is the age of system (hardware)? 2 Months
- What is the age of OS installation (have you re-installed the OS?) Yes my last install was 7/29, my second fresh install my bsod keeps on coming back. I'm thinking it must be a hardware issue with either the hard drive or ram, I am just unsure of what.

All of the memory tests pass like memtest86.

Edit - Uploaded dump files

CarlTR6 · 09 Aug 2010

I will take a look and be right back.

There was no dump file included. Please make sure you have dump files enabled. Read the last part of the first post in this thread.

https://www.sevenforums.com/tutorials...en-forums.html

Jonathan_King · 09 Aug 2010

Carl- dumps are enabled and there are 6 of them. The OP did not run the scripts as administrator.

To the OP: please upload your dumps manually: https://www.sevenforums.com/tutorials...en-forums.html

djrraz · 09 Aug 2010

Sorry hopefully I fixed everything

Jonathan_King · 09 Aug 2010

djrraz said:

Sorry hopefully I fixed everything

What did you do?

djrraz · 09 Aug 2010

I posted the dump files in the original post.

I forgot to read the end of the guide for posting dump files and put the files in my original post rather than a new reply.

CarlTR6 · 09 Aug 2010

When you have enabled mini dumps, please post and let us know.

Looking at some of the other files you uploaded, I find some outdated drivers on your system. Win 7 does not like old drivers as a general rule and they can and do cause crashes. These are not all of the old drivers I found.

Code:

adp94xx.sys     12/5/2008
adpahci.sys        5/1/2007
adpu320.sys     2/27/2007
amdsbs.sys       3/20/2009
amdsata.sys      5/19/2009
amdsbs.sys        3/20/2009
arc.sys               5/24/2007
arcsas.sys          1/14/2009
b06bdrv.sys  Broadcom NetXtreme II VBD    2/13/2009
b57nd60a.sys  Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0   4/26/2009
ebdrv.sys  Broadcom NetXtreme II 10 GigE VBD       12/31/2008
elxstor.sys            2/3/2009
iirsp.sys            12/13/2005

Without the dump files, I do not know if some of the drivers are actually loading when you boot. If they are, they could definitely cause conflicts and crashes and need to be updated.

What antivirus and firewall are you running?

CarlTR6 · 09 Aug 2010

Got it. I will look at them. Thanks much. :)

CarlTR6 · 09 Aug 2010

I looked at latest five dumps. They point to hardware/hardware related problems, particularly memory corruption. Click on the links at look at the usual causes. Notice the common factors in each error code.

BugCheck 1A - BSOD Index

BugCheck A - BSOD Index

BugCheck D1 - BSOD Index

BugCheck 50 - BSOD Index

Here are the dumps:

Code:

Microsoft (R) Windows Debugger Version 6.11.0001.404 X86
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Users\Owner\AppData\Local\Temp\Temp4_Dump Files.zip\080910-21949-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*c:\symbols*Symbol information
Executable search path is: 
Windows 7 Kernel Version 7600 MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7600.16539.amd64fre.win7_gdr.100226-1909
Machine Name:
Kernel base = 0xfffff800`02a04000 PsLoadedModuleList = 0xfffff800`02c41e50
Debug session time: Mon Aug  9 19:46:16.242 2010 (GMT-4)
System Uptime: 0 days 0:09:08.288
Loading Kernel Symbols
.

Press ctrl-c (cdb, kd, ntsd) or ctrl-break (windbg) to abort symbol loads that take too long.
Run !sym noisy before .reload to track down problems loading symbols.

..............................................................
................................................................
.....................
Loading User Symbols
Loading unloaded module list
.....
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 1A, {41790, fffffa800105d770, ffff, 0}

Probably caused by : ntkrnlmp.exe ( nt! ?? ::FNODOBFM::`string'+33946 )

Followup: MachineOwner
---------

2: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

MEMORY_MANAGEMENT (1a)
    # Any other values for parameter 1 must be individually examined.
Arguments:
Arg1: 0000000000041790, The subtype of the bugcheck.
Arg2: fffffa800105d770
Arg3: 000000000000ffff
Arg4: 0000000000000000

Debugging Details:
------------------


BUGCHECK_STR:  0x1a_41790

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

PROCESS_NAME:  perfmon.exe

CURRENT_IRQL:  0

LAST_CONTROL_TRANSFER:  from fffff80002ae7ede to fffff80002a74600

STACK_TEXT:  
fffff880`0b317828 fffff800`02ae7ede : 00000000`0000001a 00000000`00041790 fffffa80`0105d770 00000000`0000ffff : nt!KeBugCheckEx
fffff880`0b317830 fffff800`02aa7cc9 : 00000000`00000000 00000000`65ee5fff fffffa80`00000000 fffff800`00000000 : nt! ?? ::FNODOBFM::`string'+0x33946
fffff880`0b3179f0 fffff800`02d8e170 : fffffa80`038ae170 0007ffff`00000000 00000000`00000000 00000000`00000000 : nt!MiRemoveMappedView+0xd9
fffff880`0b317b10 fffff800`02d8e57b : 00000010`00000000 00000000`64b90000 fffffa80`00000001 fffffa80`05c90540 : nt!MiUnmapViewOfSection+0x1b0
fffff880`0b317bd0 fffff800`02a73853 : fffffa80`042edb60 00000000`00000000 fffffa80`04333b30 00000000`09c988b0 : nt!NtUnmapViewOfSection+0x5f
fffff880`0b317c20 00000000`777dfffa : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`0024c328 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x777dfffa


STACK_COMMAND:  kb

FOLLOWUP_IP: 
nt! ?? ::FNODOBFM::`string'+33946
fffff800`02ae7ede cc              int     3

SYMBOL_STACK_INDEX:  1

SYMBOL_NAME:  nt! ?? ::FNODOBFM::`string'+33946

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: nt

IMAGE_NAME:  ntkrnlmp.exe

DEBUG_FLR_IMAGE_TIMESTAMP:  4b88cfeb

FAILURE_BUCKET_ID:  X64_0x1a_41790_nt!_??_::FNODOBFM::_string_+33946

BUCKET_ID:  X64_0x1a_41790_nt!_??_::FNODOBFM::_string_+33946

Followup: MachineOwner
---------


Microsoft (R) Windows Debugger Version 6.11.0001.404 X86
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Users\Owner\AppData\Local\Temp\Temp4_Dump Files.zip\080910-21543-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*c:\symbols*Symbol information
Executable search path is: 
Windows 7 Kernel Version 7600 MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7600.16539.amd64fre.win7_gdr.100226-1909
Machine Name:
Kernel base = 0xfffff800`02a04000 PsLoadedModuleList = 0xfffff800`02c41e50
Debug session time: Mon Aug  9 19:35:55.265 2010 (GMT-4)
System Uptime: 0 days 0:55:48.701
Loading Kernel Symbols
...............................................................
................................................................
....................
Loading User Symbols
Loading unloaded module list
.......
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck A, {48, 2, 1, fffff80002a5d19d}

Probably caused by : memory_corruption ( nt!MiDereferenceControlAreaPfn+5d )

Followup: MachineOwner
---------

2: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high.  This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: 0000000000000048, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000001, bitfield :
    bit 0 : value 0 = read operation, 1 = write operation
    bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: fffff80002a5d19d, address which referenced memory

Debugging Details:
------------------


WRITE_ADDRESS: GetPointerFromAddress: unable to read from fffff80002cac0e0
 0000000000000048 

CURRENT_IRQL:  2

FAULTING_IP: 
nt!MiDereferenceControlAreaPfn+5d
fffff800`02a5d19d f00fba69481f    lock bts dword ptr [rcx+48h],1Fh

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

BUGCHECK_STR:  0xA

PROCESS_NAME:  rundll32.exe

TRAP_FRAME:  fffff88007a81070 -- (.trap 0xfffff88007a81070)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=001430006e696268 rbx=0000000000000000 rcx=fffff8a010ae5020
rdx=0000000001a5e000 rsi=0000000000000000 rdi=0000000000000000
rip=fffff80002a6b3cd rsp=fffff88007a81208 rbp=0000000000000007
 r8=0000000000001000  r9=0000000000000080 r10=0000000000001000
r11=fffff8a010ae5000 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0         nv up ei ng nz na pe nc
nt!memcpy+0xbd:
fffff800`02a6b3cd 488941e0        mov     qword ptr [rcx-20h],rax ds:3000:fffff8a0`10ae5000=????????????????
Resetting default scope

LAST_CONTROL_TRANSFER:  from fffff80002a73b69 to fffff80002a74600

STACK_TEXT:  
fffff880`07a808e8 fffff800`02a73b69 : 00000000`0000000a 00000000`00000048 00000000`00000002 00000000`00000001 : nt!KeBugCheckEx
fffff880`07a808f0 fffff800`02a727e0 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiBugCheckDispatch+0x69
fffff880`07a80a30 fffff800`02a5d19d : 00000000`0000002f 00000000`0000007f fffffa80`02350c80 00000000`000bc598 : nt!KiPageFault+0x260
fffff880`07a80bc0 fffff800`02a37c7c : 00000000`00000002 00000000`00000000 fffffa80`01d49300 00000000`00000000 : nt!MiDereferenceControlAreaPfn+0x5d
fffff880`07a80c30 fffff800`02b351dd : fffffa80`01d49300 fffff880`07a80d80 00000000`00000080 00000000`000a0877 : nt!MiRestoreTransitionPte+0xcc
fffff880`07a80c90 fffff800`02ae3a1e : 00000000`00000000 fffff880`07a80d80 fffff800`02c00b40 00000000`00000000 : nt!MiRemoveLowestPriorityStandbyPage+0x2ad
fffff880`07a80d10 fffff800`02a90b82 : 00000000`00000001 fffff8a0`10ae5000 fffff880`07a81070 fffff6fc`50085728 : nt! ?? ::FNODOBFM::`string'+0x29bf7
fffff880`07a80e00 fffff800`02a8ebd1 : 00000000`0009d424 00000000`00000001 fffff880`07a810f0 fffff800`02a7a6ef : nt!MiDispatchFault+0x8c2
fffff880`07a80f10 fffff800`02a726ee : 00000000`00000001 00000000`00000000 fffff880`07a81500 00000000`02bd0000 : nt!MmAccessFault+0x8f1
fffff880`07a81070 fffff800`02a6b3cd : fffff800`02cfdd73 00000000`00000000 fffff880`07a815f0 fffff880`07a815f0 : nt!KiPageFault+0x16e
fffff880`07a81208 fffff800`02cfdd73 : 00000000`00000000 fffff880`07a815f0 fffff880`07a815f0 00000000`02bd0000 : nt!memcpy+0xbd
fffff880`07a81210 fffff800`02cf99a7 : fffff8a0`00001000 fffff880`02bd0000 fffff8a0`00000000 00000000`00143000 : nt!HvpReadFileImageAndBuildMap+0x123
fffff880`07a812c0 fffff800`02cf95d6 : 00000000`02c00000 fffff8a0`07337000 01cb37f6`17c6ffd3 fffff8a0`0c66f420 : nt!HvLoadHive+0xd7
fffff880`07a81320 fffff800`02cf6052 : 00000000`00000000 00000000`00000002 fffff8a0`0c66ffc8 00000000`00000001 : nt!HvInitializeHive+0x262
fffff880`07a81380 fffff800`02cf6bed : fffff880`07a81520 fffff880`07a815f0 ffffffff`80000970 fffff880`07a81a28 : nt!CmpInitializeHive+0x4a6
fffff880`07a81470 fffff800`02cf9aae : 00000000`00000000 fffff800`00000000 fffff880`07a817d8 fffff880`07a817d1 : nt!CmpInitHiveFromFile+0x249
fffff880`07a81590 fffff800`02cfc423 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!CmpCmdHiveOpen+0x8a
fffff880`07a81780 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!CmLoadKey+0x1a7


STACK_COMMAND:  kb

FOLLOWUP_IP: 
nt!MiDereferenceControlAreaPfn+5d
fffff800`02a5d19d f00fba69481f    lock bts dword ptr [rcx+48h],1Fh

SYMBOL_STACK_INDEX:  3

SYMBOL_NAME:  nt!MiDereferenceControlAreaPfn+5d

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: nt

DEBUG_FLR_IMAGE_TIMESTAMP:  4b88cfeb

IMAGE_NAME:  memory_corruption

FAILURE_BUCKET_ID:  X64_0xA_nt!MiDereferenceControlAreaPfn+5d

BUCKET_ID:  X64_0xA_nt!MiDereferenceControlAreaPfn+5d

Followup: MachineOwner
---------


Microsoft (R) Windows Debugger Version 6.11.0001.404 X86
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Users\Owner\AppData\Local\Temp\Temp4_Dump Files.zip\080910-20904-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*c:\symbols*Symbol information
Executable search path is: 
Windows 7 Kernel Version 7600 MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7600.16539.amd64fre.win7_gdr.100226-1909
Machine Name:
Kernel base = 0xfffff800`02a64000 PsLoadedModuleList = 0xfffff800`02ca1e50
Debug session time: Mon Aug  9 19:50:21.553 2010 (GMT-4)
System Uptime: 0 days 0:02:55.989
Loading Kernel Symbols
...............................................................
................................................................
.....................
Loading User Symbols
Loading unloaded module list
....
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck D1, {fffff80202adb752, 2, 8, fffff80202adb752}

Probably caused by : ntkrnlmp.exe ( nt!KiPageFault+260 )

Followup: MachineOwner
---------

0: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high.  This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: fffff80202adb752, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000008, value 0 = read operation, 1 = write operation
Arg4: fffff80202adb752, address which referenced memory

Debugging Details:
------------------


READ_ADDRESS: GetPointerFromAddress: unable to read from fffff80002d0c0e0
 fffff80202adb752 

CURRENT_IRQL:  2

FAULTING_IP: 
+5925952f01feddc4
fffff802`02adb752 ??              ???

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

BUGCHECK_STR:  0xD1

PROCESS_NAME:  Steam.exe

TRAP_FRAME:  fffff880073bf810 -- (.trap 0xfffff880073bf810)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=000000007ef20001 rbx=0000000000000000 rcx=fffff880073bf960
rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000
rip=fffff80202adb752 rsp=fffff880073bf9a0 rbp=fffffa80057f58e0
 r8=0000000000000000  r9=0000000000000000 r10=0000000000002000
r11=fffffa80036a897c r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0         nv up ei ng nz na pe nc
fffff802`02adb752 ??              ???
Resetting default scope

LAST_CONTROL_TRANSFER:  from fffff80002ad3b69 to fffff80002ad4600

FAILED_INSTRUCTION_ADDRESS: 
+5925952f01feddc4
fffff802`02adb752 ??              ???

STACK_TEXT:  
fffff880`073bf6c8 fffff800`02ad3b69 : 00000000`0000000a fffff802`02adb752 00000000`00000002 00000000`00000008 : nt!KeBugCheckEx
fffff880`073bf6d0 fffff800`02ad27e0 : fffffa80`04eef320 fffffa80`057f58e0 00000000`1b59576a fffff800`02c4ee80 : nt!KiBugCheckDispatch+0x69
fffff880`073bf810 fffff802`02adb752 : fffffa80`057f58e0 fffffa80`057f58e0 00000000`00000000 00000000`00000000 : nt!KiPageFault+0x260
fffff880`073bf9a0 fffffa80`057f58e0 : fffffa80`057f58e0 00000000`00000000 00000000`00000000 00000000`00000200 : 0xfffff802`02adb752
fffff880`073bf9a8 fffffa80`057f58e0 : 00000000`00000000 00000000`00000000 00000000`00000200 00000000`00000000 : 0xfffffa80`057f58e0
fffff880`073bf9b0 00000000`00000000 : 00000000`00000000 00000000`00000200 00000000`00000000 00000000`00000000 : 0xfffffa80`057f58e0


STACK_COMMAND:  kb

FOLLOWUP_IP: 
nt!KiPageFault+260
fffff800`02ad27e0 440f20c0        mov     rax,cr8

SYMBOL_STACK_INDEX:  2

SYMBOL_NAME:  nt!KiPageFault+260

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: nt

IMAGE_NAME:  ntkrnlmp.exe

DEBUG_FLR_IMAGE_TIMESTAMP:  4b88cfeb

FAILURE_BUCKET_ID:  X64_0xD1_CODE_AV_BAD_IP_nt!KiPageFault+260

BUCKET_ID:  X64_0xD1_CODE_AV_BAD_IP_nt!KiPageFault+260

Followup: MachineOwner
---------


Microsoft (R) Windows Debugger Version 6.11.0001.404 X86
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Users\Owner\AppData\Local\Temp\Temp4_Dump Files.zip\080910-14539-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*c:\symbols*Symbol information
Executable search path is: 
Windows 7 Kernel Version 7600 MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7600.16539.amd64fre.win7_gdr.100226-1909
Machine Name:
Kernel base = 0xfffff800`02a03000 PsLoadedModuleList = 0xfffff800`02c40e50
Debug session time: Mon Aug  9 18:39:23.661 2010 (GMT-4)
System Uptime: 0 days 0:03:43.097
Loading Kernel Symbols
...............................................................
................................................................
.....................
Loading User Symbols
Loading unloaded module list
....
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 1A, {5003, fffff90000812000, 2eca, fffff900c22d2009}

Probably caused by : win32k.sys ( win32k!memset+b0 )

Followup: MachineOwner
---------

3: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

MEMORY_MANAGEMENT (1a)
    # Any other values for parameter 1 must be individually examined.
Arguments:
Arg1: 0000000000005003, The subtype of the bugcheck.
Arg2: fffff90000812000
Arg3: 0000000000002eca
Arg4: fffff900c22d2009

Debugging Details:
------------------


BUGCHECK_STR:  0x1a_5003

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

PROCESS_NAME:  firefox.exe

CURRENT_IRQL:  0

TRAP_FRAME:  fffff880090e3ee0 -- (.trap 0xfffff880090e3ee0)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=fffff900c5400000 rbx=0000000000000000 rcx=fffff900c5748000
rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000
rip=fffff96000113c10 rsp=fffff880090e4078 rbp=0000000000000001
 r8=0000000000000028  r9=0000000000014378 r10=000000000000007f
r11=0000000000000034 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0         nv up ei pl nz na po nc
win32k!memset+0xb0:
fffff960`00113c10 480fc311        movnti  qword ptr [rcx],rdx ds:0001:fffff900`c5748000=????????????????
Resetting default scope

LAST_CONTROL_TRANSFER:  from fffff80002ae2d98 to fffff80002a73600

STACK_TEXT:  
fffff880`090e3b78 fffff800`02ae2d98 : 00000000`0000001a 00000000`00005003 fffff900`00812000 00000000`00002eca : nt!KeBugCheckEx
fffff880`090e3b80 fffff800`02a8fb82 : 00000000`00000001 fffff900`c5748000 fffff880`090e3ee0 fffff6fc`8062ba40 : nt! ?? ::FNODOBFM::`string'+0x29f97
fffff880`090e3c70 fffff800`02a8dbd1 : 00000000`000bea5d 00000000`00000000 fffff880`09004490 fffff8a0`0186c8e8 : nt!MiDispatchFault+0x8c2
fffff880`090e3d80 fffff800`02a716ee : 00000000`00000001 fffff900`c5400000 fffff880`090e4000 fffff880`090e4008 : nt!MmAccessFault+0x8f1
fffff880`090e3ee0 fffff960`00113c10 : fffff960`00102a12 fffff900`c0746010 00000000`00000000 fffff960`00246ffc : nt!KiPageFault+0x16e
fffff880`090e4078 fffff960`00102a12 : fffff900`c0746010 00000000`00000000 fffff960`00246ffc 00000000`00000000 : win32k!memset+0xb0
fffff880`090e4080 fffff960`00103f2b : 00000000`00000000 fffff880`090e4220 00000000`00000001 fffff960`001015e6 : win32k!AllocateObject+0xf2
fffff880`090e40c0 fffff960`000db4a4 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : win32k!SURFMEM::bCreateDIB+0x1fb
fffff880`090e41b0 fffff960`000db01e : 00000472`00000780 00000000`00000472 00000000`01080030 00000000`00000780 : win32k!hsurfCreateCompatibleSurface+0x3bc
fffff880`090e4280 fffff800`02a72853 : fffffa80`046f0b60 fffff880`090e43e0 00000000`00000000 fffff900`c00bf010 : win32k!GreCreateCompatibleBitmap+0x26e
fffff880`090e4360 00000000`73ad2dd9 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`0016cc98 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x73ad2dd9


STACK_COMMAND:  kb

FOLLOWUP_IP: 
win32k!memset+b0
fffff960`00113c10 480fc311        movnti  qword ptr [rcx],rdx

SYMBOL_STACK_INDEX:  5

SYMBOL_NAME:  win32k!memset+b0

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: win32k

IMAGE_NAME:  win32k.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  4bdc4376

FAILURE_BUCKET_ID:  X64_0x1a_5003_win32k!memset+b0

BUCKET_ID:  X64_0x1a_5003_win32k!memset+b0

Followup: MachineOwner
---------


Microsoft (R) Windows Debugger Version 6.11.0001.404 X86
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Users\Owner\AppData\Local\Temp\Temp4_Dump Files.zip\080910-14523-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*c:\symbols*Symbol information
Executable search path is: 
Windows 7 Kernel Version 7600 MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7600.16539.amd64fre.win7_gdr.100226-1909
Machine Name:
Kernel base = 0xfffff800`02a1e000 PsLoadedModuleList = 0xfffff800`02c5be50
Debug session time: Mon Aug  9 18:34:31.432 2010 (GMT-4)
System Uptime: 0 days 0:06:47.868
Loading Kernel Symbols
...............................................................
................................................................
.....................
Loading User Symbols
Loading unloaded module list
....
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 50, {fffff8a201bb708c, 0, fffff80002d770cc, 5}


Could not read faulting driver name
Probably caused by : memory_corruption ( nt!MiApplyCompressedFixups+40 )

Followup: MachineOwner
---------

1: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

PAGE_FAULT_IN_NONPAGED_AREA (50)
Invalid system memory was referenced.  This cannot be protected by try-except,
it must be protected by a Probe.  Typically the address is just plain bad or it
is pointing at freed memory.
Arguments:
Arg1: fffff8a201bb708c, memory referenced.
Arg2: 0000000000000000, value 0 = read operation, 1 = write operation.
Arg3: fffff80002d770cc, If non-zero, the instruction address which referenced the bad memory
    address.
Arg4: 0000000000000005, (reserved)

Debugging Details:
------------------


Could not read faulting driver name

READ_ADDRESS: GetPointerFromAddress: unable to read from fffff80002cc60e0
 fffff8a201bb708c 

FAULTING_IP: 
nt!MiApplyCompressedFixups+40
fffff800`02d770cc 0fb603          movzx   eax,byte ptr [rbx]

MM_INTERNAL_CODE:  5

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

BUGCHECK_STR:  0x50

PROCESS_NAME:  svchost.exe

CURRENT_IRQL:  0

TRAP_FRAME:  fffff88007afc310 -- (.trap 0xfffff88007afc310)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=fffff8a001bb5000 rbx=0000000000000000 rcx=fffffa80061df6e0
rdx=fffff88008590000 rsi=0000000000000000 rdi=0000000000000000
rip=fffff80002d770cc rsp=fffff88007afc4a0 rbp=0000000000000003
 r8=fffff8a201bb708c  r9=fffffffff7d60000 r10=0000000000000fff
r11=fffff88008590000 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0         nv up ei ng nz na pe nc
nt!MiApplyCompressedFixups+0x40:
fffff800`02d770cc 0fb603          movzx   eax,byte ptr [rbx] ds:6120:00000000`00000000=??
Resetting default scope

LAST_CONTROL_TRANSFER:  from fffff80002b0d801 to fffff80002a8e600

STACK_TEXT:  
fffff880`07afc1a8 fffff800`02b0d801 : 00000000`00000050 fffff8a2`01bb708c 00000000`00000000 fffff880`07afc310 : nt!KeBugCheckEx
fffff880`07afc1b0 fffff800`02a8c6ee : 00000000`00000000 fffff8a2`01bb708c fffffa80`00000000 00001f80`010100da : nt! ?? ::FNODOBFM::`string'+0x40ecb
fffff880`07afc310 fffff800`02d770cc : fffff880`07afc580 00000000`00000000 fffffa80`047049e0 fffffa80`06196168 : nt!KiPageFault+0x16e
fffff880`07afc4a0 fffff800`02d76f45 : fffff880`08590000 ffffffff`f7d60000 00000000`00023000 fffffa80`007f5ea0 : nt!MiApplyCompressedFixups+0x40
fffff880`07afc4f0 fffff800`02d6417c : fffffa80`00000000 fffffa80`06196060 00000000`00000000 00000000`00000000 : nt!MiPerformFixups+0x65
fffff880`07afc540 fffff800`02a7fb4c : fffffa80`007f5ea0 fffffa80`05d56f50 00000000`00000000 fffff800`02a80000 : nt!MiRelocateImagePfn+0x114
fffff880`07afc5a0 fffff800`02a35db4 : fffffa80`05d56e90 00000000`00000000 00000000`00000000 00000000`00000000 : nt!MiWaitForInPageComplete+0x89c
fffff880`07afc680 fffff800`02cef97a : 00000000`00000000 fffffa80`0592f280 00000000`00000001 fffffa80`0592f280 : nt!MiPfCompletePrefetchIos+0x54
fffff880`07afc6b0 fffff800`02eec76d : 00000000`0000005d 00000000`0000005d fffffa80`0592f280 fffff880`07afc778 : nt!MmPrefetchPages+0x13a
fffff880`07afc710 fffff800`02ef478e : fffff8a0`00000000 fffff8a0`00000000 fffff8a0`0000002b 00000000`00000000 : nt!PfpPrefetchFilesTrickle+0x21d
fffff880`07afc810 fffff800`02ef5327 : 00000000`00000000 fffff880`07afcca0 fffff880`07afca08 fffff8a0`010a3060 : nt!PfpPrefetchRequestPerform+0x30e
fffff880`07afc960 fffff800`02f018fe : fffff880`07afca08 fffff880`07afca01 fffffa80`06033bc0 00000000`00000000 : nt!PfpPrefetchRequest+0x176
fffff880`07afc9d0 fffff800`02f0602e : 00000000`00000000 00000000`0149f710 00000000`0000004f 00000000`07920201 : nt!PfSetSuperfetchInformation+0x1ad
fffff880`07afcab0 fffff800`02a8d853 : fffffa80`06196060 00000000`00000000 00000000`00000001 00000000`00000000 : nt!NtSetSystemInformation+0xb91
fffff880`07afcc20 00000000`76e3144a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`0149f6e8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x76e3144a


STACK_COMMAND:  kb

FOLLOWUP_IP: 
nt!MiApplyCompressedFixups+40
fffff800`02d770cc 0fb603          movzx   eax,byte ptr [rbx]

SYMBOL_STACK_INDEX:  3

SYMBOL_NAME:  nt!MiApplyCompressedFixups+40

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: nt

DEBUG_FLR_IMAGE_TIMESTAMP:  4b88cfeb

IMAGE_NAME:  memory_corruption

FAILURE_BUCKET_ID:  X64_0x50_nt!MiApplyCompressedFixups+40

BUCKET_ID:  X64_0x50_nt!MiApplyCompressedFixups+40

Followup: MachineOwner
---------

While I am looking at drivers, please enable Driver Verifier and let it run for 36 hours. It it encounters a faulty driver, it will crash creating a dump file the, hopefully, identifies the driver. Upload this dump file.

Driver Verifier - Enable and Disable

Jonathan_King · 09 Aug 2010

Please remove any CD virtualization programs such as Daemon Tools and Alcohol 120%. They use a driver, found in your dmp, sptd.sys, that is notorious for causing BSODs. Use this SPTD uninstaller when you're done: DuplexSecure - Downloads

Your Realtek network drivers should be updated:

Code:

Rt64win7.sys Thu Feb 26 04:04:13 2009

If the crashes persist, please enable driver verifier: Driver Verifier - Enable and Disable

...Summary of the Dumps:

Code:

[font=lucida console]
Built by: 7600.16539.amd64fre.win7_gdr.100226-1909
Debug session time: Mon Aug  9 10:09:27.748 2010 (UTC - 4:00)
System Uptime: 0 days 0:07:11.794
BugCheck 50, {fffff8a207ef6338, 1, fffff80002d6b51b, 5}
Probably caused by : ntkrnlmp.exe ( nt!CmpDelayDerefKCBWorker+73 )
BUGCHECK_STR:  0x50
PROCESS_NAME:  System
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨
Built by: 7600.16539.amd64fre.win7_gdr.100226-1909
Debug session time: Mon Aug  9 18:39:23.661 2010 (UTC - 4:00)
System Uptime: 0 days 0:03:43.097
BugCheck 1A, {5003, fffff90000812000, 2eca, fffff900c22d2009}
Probably caused by : win32k.sys ( win32k!memset+b0 )
BUGCHECK_STR:  0x1a_5003
PROCESS_NAME:  firefox.exe
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨
Built by: 7600.16539.amd64fre.win7_gdr.100226-1909
Debug session time: Mon Aug  9 18:34:31.432 2010 (UTC - 4:00)
System Uptime: 0 days 0:06:47.868
BugCheck 50, {fffff8a201bb708c, 0, fffff80002d770cc, 5}
Probably caused by : memory_corruption ( nt!MiApplyCompressedFixups+40 )
BUGCHECK_STR:  0x50
PROCESS_NAME:  svchost.exe
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨
Built by: 7600.16539.amd64fre.win7_gdr.100226-1909
Debug session time: Mon Aug  9 19:46:16.242 2010 (UTC - 4:00)
System Uptime: 0 days 0:09:08.288
BugCheck 1A, {41790, fffffa800105d770, ffff, 0}
Probably caused by : ntkrnlmp.exe ( nt! ?? ::FNODOBFM::`string'+33946 )
BUGCHECK_STR:  0x1a_41790
PROCESS_NAME:  perfmon.exe
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨
Built by: 7600.16539.amd64fre.win7_gdr.100226-1909
Debug session time: Mon Aug  9 19:35:55.265 2010 (UTC - 4:00)
System Uptime: 0 days 0:55:48.701
BugCheck A, {48, 2, 1, fffff80002a5d19d}
Probably caused by : memory_corruption ( nt!MiDereferenceControlAreaPfn+5d )
BUGCHECK_STR:  0xA
PROCESS_NAME:  rundll32.exe
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨
Built by: 7600.16539.amd64fre.win7_gdr.100226-1909
Debug session time: Mon Aug  9 19:50:21.553 2010 (UTC - 4:00)
System Uptime: 0 days 0:02:55.989
BugCheck D1, {fffff80202adb752, 2, 8, fffff80202adb752}
Probably caused by : ntkrnlmp.exe ( nt!KiPageFault+260 )
BUGCHECK_STR:  0xD1
PROCESS_NAME:  Steam.exe
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨
Built by: 7600.16539.amd64fre.win7_gdr.100226-1909
Debug session time: Mon Aug  9 17:06:50.397 2010 (UTC - 4:00)
System Uptime: 0 days 0:01:06.443
BugCheck 1A, {41790, fffffa8001668540, ffff, 0}
Probably caused by : ntkrnlmp.exe ( nt! ?? ::FNODOBFM::`string'+33946 )
BUGCHECK_STR:  0x1a_41790
PROCESS_NAME:  explorer.exe
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨
Built by: 7600.16539.amd64fre.win7_gdr.100226-1909
Debug session time: Mon Aug  9 17:04:59.823 2010 (UTC - 4:00)
System Uptime: 0 days 6:40:35.259
BugCheck 1A, {41790, fffffa800103a1c0, ffff, 0}
Probably caused by : ntkrnlmp.exe ( nt! ?? ::FNODOBFM::`string'+33946 )
BUGCHECK_STR:  0x1a_41790
PROCESS_NAME:  drvinst.exe
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨
Built by: 7600.16539.amd64fre.win7_gdr.100226-1909
Debug session time: Mon Aug  9 10:19:20.035 2010 (UTC - 4:00)
System Uptime: 0 days 0:09:09.471
BugCheck 1A, {41284, fffff704401d3001, 7127993e, fffff70001080000}
Probably caused by : ntkrnlmp.exe ( nt! ?? ::FNODOBFM::`string'+4a83 )
BUGCHECK_STR:  0x1a_41284
PROCESS_NAME:  plugin-contain
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨

EDIT: Sorry Carl, I didn't see you!