Code:
-
Loading Dump File [C:\Users\Mike\Downloads\BSODDmpFiles\andre75\122811-19000-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7600 MP (2 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7600.16617.amd64fre.win7_gdr.100618-1621
Machine Name:
Kernel base = 0xfffff800`02a65000 PsLoadedModuleList = 0xfffff800`02ca2e50
Debug session time: Tue Dec 27 21:25:48.275 2011 (GMT-7)
System Uptime: 0 days 2:03:21.164
Loading Kernel Symbols
...............................................................
................................................................
...............................
Loading User Symbols
Loading unloaded module list
.....
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 3B, {c0000005, fffff80002acc863, fffff88006ba4070, 0}
Probably caused by : ntkrnlmp.exe ( nt!EtwpFindGuidEntryByGuid+73 )
Followup: MachineOwner
---------
1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
SYSTEM_SERVICE_EXCEPTION (3b)
An exception happened while executing a system service routine.
Arguments:
Arg1: 00000000c0000005, Exception code that caused the bugcheck
Arg2: fffff80002acc863, Address of the exception record for the exception that caused the bugcheck
Arg3: fffff88006ba4070, Address of the context record for the exception that caused the bugcheck
Arg4: 0000000000000000, zero.
Debugging Details:
------------------
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
FAULTING_IP:
nt!memcmp+93
fffff800`02acc863 483b040a cmp rax,qword ptr [rdx+rcx]
CONTEXT: fffff88006ba4070 -- (.cxr 0xfffff88006ba4070)
rax=4de768e55a1600d2 rbx=ffffffffffffffff rcx=fffff8a0032e3010
rdx=453972b24a2c3b65 rsi=fffff80002c82380 rdi=45396b524d5a6b61
rip=fffff80002acc863 rsp=fffff88006ba4a48 rbp=0000000000000000
r8=0000000000000010 r9=0000000000000002 r10=4de768e55a1600d2
r11=fffff8a0032e3010 r12=fffff8a0032e3010 r13=0000000000000000
r14=0000000000000029 r15=fffff88006ba4b20
iopl=0 nv up ei pl nz na pe nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010202
nt!memcmp+0x93:
fffff800`02acc863 483b040a cmp rax,qword ptr [rdx+rcx] ds:002b:45396b52`4d5a6b75=????????????????
Resetting default scope
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0x3B
PROCESS_NAME: chrome.exe
CURRENT_IRQL: 0
LAST_CONTROL_TRANSFER: from fffff80002d7ede7 to fffff80002acc863
STACK_TEXT:
fffff880`06ba4a48 fffff800`02d7ede7 : fffffa80`018dd810 ffffffff`ffffffff 00000000`00000000 fffff880`06ba4b00 : nt!memcmp+0x93
fffff880`06ba4a50 fffff800`02d7e8de : 00000000`03e1ec00 fffff8a0`032e3010 00000000`00000000 fffff800`02af659c : nt!EtwpFindGuidEntryByGuid+0x73
fffff880`06ba4a90 fffff800`02d7f29c : 00000000`00000000 00000000`000000a0 00000000`03e1ec00 00000000`00000000 : nt!EtwpRegisterUMGuid+0x66
fffff880`06ba4b00 fffff800`02ad4993 : fffffa80`018dd810 00000000`026be0b8 00000000`000000a0 0000007f`ffffffff : nt!NtTraceControl+0x198
fffff880`06ba4b70 00000000`7711159a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`026be098 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x7711159a
FOLLOWUP_IP:
nt!EtwpFindGuidEntryByGuid+73
fffff800`02d7ede7 413bc5 cmp eax,r13d
SYMBOL_STACK_INDEX: 1
SYMBOL_NAME: nt!EtwpFindGuidEntryByGuid+73
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 4c1c44a9
STACK_COMMAND: .cxr 0xfffff88006ba4070 ; kb
FAILURE_BUCKET_ID: X64_0x3B_nt!EtwpFindGuidEntryByGuid+73
BUCKET_ID: X64_0x3B_nt!EtwpFindGuidEntryByGuid+73
Followup: MachineOwner
---------
-
Loading Dump File [C:\Users\Mike\Downloads\BSODDmpFiles\andre75\122811-18049-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7600 MP (2 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7600.16617.amd64fre.win7_gdr.100618-1621
Machine Name:
Kernel base = 0xfffff800`02a01000 PsLoadedModuleList = 0xfffff800`02c3ee50
Debug session time: Tue Dec 27 21:39:09.646 2011 (GMT-7)
System Uptime: 0 days 0:13:01.535
Loading Kernel Symbols
...............................................................
................................................................
...............................
Loading User Symbols
Loading unloaded module list
.....
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 1E, {ffffffffc0000005, fffff88006fd13c0, 0, 0}
Probably caused by : NETIO.SYS ( NETIO!FilterMatch+4f )
Followup: MachineOwner
---------
1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
KMODE_EXCEPTION_NOT_HANDLED (1e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Arguments:
Arg1: ffffffffc0000005, The exception code that was not handled
Arg2: fffff88006fd13c0, The address that the exception occurred at
Arg3: 0000000000000000, Parameter 0 of the exception
Arg4: 0000000000000000, Parameter 1 of the exception
Debugging Details:
------------------
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
FAULTING_IP:
+0
fffff880`06fd13c0 d822 fsub dword ptr [rdx]
EXCEPTION_PARAMETER1: 0000000000000000
EXCEPTION_PARAMETER2: 0000000000000000
READ_ADDRESS: GetPointerFromAddress: unable to read from fffff80002ca90e0
0000000000000000
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0x1E
PROCESS_NAME: svchost.exe
CURRENT_IRQL: 2
EXCEPTION_RECORD: fffff88006fd22d8 -- (.exr 0xfffff88006fd22d8)
ExceptionAddress: fffff8800176096f (NETIO!FilterMatch+0x000000000000004f)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 0000000000000000
Parameter[1]: ffffffffffffffff
Attempt to read from address ffffffffffffffff
TRAP_FRAME: fffff88006fd2380 -- (.trap 0xfffff88006fd2380)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=3932323331403134 rbx=0000000000000000 rcx=fffffa8002c23750
rdx=fffff88006fd2ac8 rsi=0000000000000000 rdi=0000000000000000
rip=fffff8800176096f rsp=fffff88006fd2510 rbp=fffffa8002c23750
r8=0000000000000000 r9=fffff88006fd2590 r10=fffff88006fd1de0
r11=fffff80002baf410 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl zr na po nc
NETIO!FilterMatch+0x4f:
fffff880`0176096f 460fb714e0 movzx r10d,word ptr [rax+r12*8] ds:0001:39323233`31403134=????
Resetting default scope
LAST_CONTROL_TRANSFER: from fffff80002b03bdb to fffff80002a71740
STACK_TEXT:
fffff880`06fd1308 fffff800`02b03bdb : 00000000`0000001e ffffffff`c0000005 fffff880`06fd13c0 00000000`00000000 : nt!KeBugCheckEx
fffff880`06fd1310 fffff800`02ac2d30 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KipFatalFilter+0x1b
fffff880`06fd1350 fffff800`02a9fd1c : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt! ?? ::FNODOBFM::`string'+0x95d
fffff880`06fd1390 fffff800`02a9740d : fffff800`02bbdbc4 fffff880`06fd4360 00000000`00000000 fffff800`02a01000 : nt!_C_specific_handler+0x8c
fffff880`06fd1400 fffff800`02a9ea90 : fffff800`02bbdbc4 fffff880`06fd1478 fffff880`06fd22d8 fffff800`02a01000 : nt!RtlpExecuteHandlerForException+0xd
fffff880`06fd1430 fffff800`02aab9ef : fffff880`06fd22d8 fffff880`06fd1b40 fffff880`00000000 fffffa80`00d76e40 : nt!RtlDispatchException+0x410
fffff880`06fd1b10 fffff800`02a70d82 : fffff880`06fd22d8 00000000`00000000 fffff880`06fd2380 00000000`00000000 : nt!KiDispatchException+0x16f
fffff880`06fd21a0 fffff800`02a6f68a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiExceptionDispatch+0xc2
fffff880`06fd2380 fffff880`0176096f : fffff880`06fd2578 fffff880`017609b5 fffffa80`02cf94c0 fffff880`0166a429 : nt!KiGeneralProtectionFault+0x10a
fffff880`06fd2510 fffff880`01760b30 : fffffa80`02664010 00000000`00000000 00000000`00000000 fffff880`06fd2ac8 : NETIO!FilterMatch+0x4f
fffff880`06fd2560 fffff880`01761ccb : 00000000`00000003 00000000`00000010 fffff880`06fd2e80 fffff880`06fd2ac8 : NETIO!IndexHashClassify+0xd0
fffff880`06fd25f0 fffff880`0183f417 : fffff880`06fd2ac8 fffff880`06fd2ac8 fffff880`06fd3800 fffffa80`00fdfa10 : NETIO!KfdClassify+0xa4e
fffff880`06fd2960 fffff880`0183883e : fffff880`01947690 00000000`00000000 fffffa80`0153a2a0 00000000`00000000 : tcpip!WfpAleClassify+0x57
fffff880`06fd29a0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : tcpip!WfpAlepAuthorizeSend+0x94e
STACK_COMMAND: kb
FOLLOWUP_IP:
NETIO!FilterMatch+4f
fffff880`0176096f 460fb714e0 movzx r10d,word ptr [rax+r12*8]
SYMBOL_STACK_INDEX: 9
SYMBOL_NAME: NETIO!FilterMatch+4f
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: NETIO
IMAGE_NAME: NETIO.SYS
DEBUG_FLR_IMAGE_TIMESTAMP: 4a5bc18a
FAILURE_BUCKET_ID: X64_0x1E_NETIO!FilterMatch+4f
BUCKET_ID: X64_0x1E_NETIO!FilterMatch+4f
Followup: MachineOwner
---------
-
Loading Dump File [C:\Users\Mike\Downloads\BSODDmpFiles\andre75\122811-19078-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7600 MP (2 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7600.16617.amd64fre.win7_gdr.100618-1621
Machine Name:
Kernel base = 0xfffff800`02a09000 PsLoadedModuleList = 0xfffff800`02c46e50
Debug session time: Tue Dec 27 22:12:23.609 2011 (GMT-7)
System Uptime: 0 days 0:22:49.373
Loading Kernel Symbols
...............................................................
................................................................
................................
Loading User Symbols
Loading unloaded module list
.....
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 19, {3, fffffa8001bf7730, fffffa8001bf7730, 656668613d42203a}
Probably caused by : Pool_Corruption ( nt!ExDeferredFreePool+c7b )
Followup: Pool_corruption
---------
1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
BAD_POOL_HEADER (19)
The pool is already corrupt at the time of the current request.
This may or may not be due to the caller.
The internal pool links must be walked to figure out a possible cause of
the problem, and then special pool applied to the suspect tags or the driver
verifier to a suspect driver.
Arguments:
Arg1: 0000000000000003, the pool freelist is corrupt.
Arg2: fffffa8001bf7730, the pool entry being checked.
Arg3: fffffa8001bf7730, the read back flink freelist value (should be the same as 2).
Arg4: 656668613d42203a, the read back blink freelist value (should be the same as 2).
Debugging Details:
------------------
BUGCHECK_STR: 0x19_3
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
PROCESS_NAME: System
CURRENT_IRQL: 2
LAST_CONTROL_TRANSFER: from fffff80002bac10b to fffff80002a79740
STACK_TEXT:
fffff880`061a7798 fffff800`02bac10b : 00000000`00000019 00000000`00000003 fffffa80`01bf7730 fffffa80`01bf7730 : nt!KeBugCheckEx
fffff880`061a77a0 fffff800`02bae4c1 : 00000000`00000003 fffffa80`0106c2c0 00000000`00000000 fffff880`00d9266e : nt!ExDeferredFreePool+0xc7b
fffff880`061a7830 fffff880`00d8b633 : 00000000`00000705 fffff8a0`09547838 fffffa80`6c734d46 fffff800`000003ed : nt!ExFreePoolWithTag+0x411
fffff880`061a78e0 fffff800`02d68896 : 00000000`00000001 fffff880`012ab1a7 fffff8a0`09547700 fffff880`0121e6e1 : fltmgr! ?? ::FNODOBFM::`string'+0x429
fffff880`061a7910 fffff880`012aabcc : fffff8a0`095475d0 fffffa80`01609040 fffff880`061a79e8 00000000`00000706 : nt!FsRtlTeardownPerStreamContexts+0xe2
fffff880`061a7960 fffff880`012aa8d5 : fffffa00`01010000 00000000`00000000 fffff800`02c1e500 00000000`00000001 : Ntfs!NtfsDeleteScb+0x108
fffff880`061a79a0 fffff880`0121dcb4 : fffff8a0`095474d0 fffff8a0`095475d0 fffff800`02c1e500 fffff880`061a7b12 : Ntfs!NtfsRemoveScb+0x61
fffff880`061a79e0 fffff880`012a82dc : fffff8a0`095474a0 fffff800`02c1e5a0 fffff880`061a7b12 fffffa80`01094a40 : Ntfs!NtfsPrepareFcbForRemoval+0x50
fffff880`061a7a10 fffff880`01226882 : fffffa80`01094a40 fffffa80`01094a40 fffff8a0`095474a0 00000000`00000000 : Ntfs!NtfsTeardownStructures+0xdc
fffff880`061a7a90 fffff880`012bf813 : fffffa80`01094a40 fffff800`02c1e5a0 fffff8a0`095474a0 00000000`00000009 : Ntfs!NtfsDecrementCloseCounts+0xa2
fffff880`061a7ad0 fffff880`0129938f : fffffa80`01094a40 fffff8a0`095475d0 fffff8a0`095474a0 fffffa80`01c27180 : Ntfs!NtfsCommonClose+0x353
fffff880`061a7ba0 fffff800`02a86961 : 00000000`00000000 fffff880`01299200 fffffa80`01609001 fffffa80`00000002 : Ntfs!NtfsFspClose+0x15f
fffff880`061a7c70 fffff800`02d1dc06 : 00000000`0ec52bc4 fffffa80`01609040 00000000`00000080 fffffa80`00c496f0 : nt!ExpWorkerThread+0x111
fffff880`061a7d00 fffff800`02a57c26 : fffff800`02bf3e80 fffffa80`01609040 fffffa80`00d4f620 fffff880`01223534 : nt!PspSystemThreadStartup+0x5a
fffff880`061a7d40 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KxStartSystemThread+0x16
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!ExDeferredFreePool+c7b
fffff800`02bac10b cc int 3
SYMBOL_STACK_INDEX: 1
SYMBOL_NAME: nt!ExDeferredFreePool+c7b
FOLLOWUP_NAME: Pool_corruption
IMAGE_NAME: Pool_Corruption
DEBUG_FLR_IMAGE_TIMESTAMP: 0
MODULE_NAME: Pool_Corruption
FAILURE_BUCKET_ID: X64_0x19_3_nt!ExDeferredFreePool+c7b
BUCKET_ID: X64_0x19_3_nt!ExDeferredFreePool+c7b
Followup: Pool_corruption
---------
-
Loading Dump File [C:\Users\Mike\Downloads\BSODDmpFiles\andre75\122811-15631-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7600 MP (2 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7600.16617.amd64fre.win7_gdr.100618-1621
Machine Name:
Kernel base = 0xfffff800`02a0b000 PsLoadedModuleList = 0xfffff800`02c48e50
Debug session time: Wed Dec 28 06:40:50.917 2011 (GMT-7)
System Uptime: 0 days 2:08:19.805
Loading Kernel Symbols
...............................................................
................................................................
...............................
Loading User Symbols
Loading unloaded module list
.....
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 3B, {c0000005, fffff80002baf90d, fffff880058ff9f0, 0}
Probably caused by : ntkrnlmp.exe ( nt!ExAllocatePoolWithTag+53d )
Followup: MachineOwner
---------
1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
SYSTEM_SERVICE_EXCEPTION (3b)
An exception happened while executing a system service routine.
Arguments:
Arg1: 00000000c0000005, Exception code that caused the bugcheck
Arg2: fffff80002baf90d, Address of the exception record for the exception that caused the bugcheck
Arg3: fffff880058ff9f0, Address of the context record for the exception that caused the bugcheck
Arg4: 0000000000000000, zero.
Debugging Details:
------------------
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
FAULTING_IP:
nt!ExAllocatePoolWithTag+53d
fffff800`02baf90d 48895808 mov qword ptr [rax+8],rbx
CONTEXT: fffff880058ff9f0 -- (.cxr 0xfffff880058ff9f0)
rax=64693d676c263369 rbx=fffff80002c0abb0 rcx=fffffa8000f82e10
rdx=0000000000000000 rsi=0000000000001000 rdi=0000000000000000
rip=fffff80002baf90d rsp=fffff880059003c0 rbp=fffff80002c0a880
r8=0000000000000000 r9=fffff80002c0abb0 r10=fffff80002c0a888
r11=0000000000000014 r12=000000000000001c r13=0000000000000000
r14=0000000000000000 r15=00000000c5646641
iopl=0 nv up ei pl zr na po nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010246
nt!ExAllocatePoolWithTag+0x53d:
fffff800`02baf90d 48895808 mov qword ptr [rax+8],rbx ds:002b:64693d67`6c263371=????????????????
Resetting default scope
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0x3B
PROCESS_NAME: firefox.exe
CURRENT_IRQL: 2
LAST_CONTROL_TRANSFER: from 0000000000000000 to fffff80002baf90d
STACK_TEXT:
fffff880`059003c0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!ExAllocatePoolWithTag+0x53d
FOLLOWUP_IP:
nt!ExAllocatePoolWithTag+53d
fffff800`02baf90d 48895808 mov qword ptr [rax+8],rbx
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: nt!ExAllocatePoolWithTag+53d
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 4c1c44a9
STACK_COMMAND: .cxr 0xfffff880058ff9f0 ; kb
FAILURE_BUCKET_ID: X64_0x3B_nt!ExAllocatePoolWithTag+53d
BUCKET_ID: X64_0x3B_nt!ExAllocatePoolWithTag+53d
Followup: MachineOwner
---------
-
Loading Dump File [C:\Users\Mike\Downloads\BSODDmpFiles\andre75\122911-23961-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7600 MP (2 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7600.16617.amd64fre.win7_gdr.100618-1621
Machine Name:
Kernel base = 0xfffff800`02a01000 PsLoadedModuleList = 0xfffff800`02c3ee50
Debug session time: Wed Dec 28 16:49:39.449 2011 (GMT-7)
System Uptime: 0 days 0:16:52.337
Loading Kernel Symbols
...............................................................
................................................................
...............................
Loading User Symbols
Loading unloaded module list
.....
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 3B, {c0000005, fffff80002a74905, fffff880050705c0, 0}
Probably caused by : ntkrnlmp.exe ( nt!ExpInterlockedPopEntrySListFault16+0 )
Followup: MachineOwner
---------
1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
SYSTEM_SERVICE_EXCEPTION (3b)
An exception happened while executing a system service routine.
Arguments:
Arg1: 00000000c0000005, Exception code that caused the bugcheck
Arg2: fffff80002a74905, Address of the exception record for the exception that caused the bugcheck
Arg3: fffff880050705c0, Address of the context record for the exception that caused the bugcheck
Arg4: 0000000000000000, zero.
Debugging Details:
------------------
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
FAULTING_IP:
nt!ExpInterlockedPopEntrySListFault16+0
fffff800`02a74905 498b08 mov rcx,qword ptr [r8]
CONTEXT: fffff880050705c0 -- (.cxr 0xfffff880050705c0)
rax=000000004915001c rbx=000000000553ffff rcx=fffff880009e9d60
rdx=514a545356523353 rsi=fffff880009e9d60 rdi=0000000000000000
rip=fffff80002a74905 rsp=fffff88005070f90 rbp=fffff80002c00880
r8=514a545356523352 r9=fffff80002a01000 r10=fffff880009e9d60
r11=0000000000000000 r12=000000000000000a r13=0000000000000000
r14=0000000000000002 r15=000000006d646156
iopl=0 nv up ei pl nz na pe nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010202
nt!ExpInterlockedPopEntrySListFault16:
fffff800`02a74905 498b08 mov rcx,qword ptr [r8] ds:002b:514a5453`56523352=????????????????
Resetting default scope
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0x3B
PROCESS_NAME: dwm.exe
CURRENT_IRQL: 0
LAST_CONTROL_TRANSFER: from fffff80002ba54d3 to fffff80002a74905
STACK_TEXT:
fffff880`05070f90 fffff800`02ba54d3 : fffffa80`01de8024 fffff880`05070fc8 fffffa80`02f34d50 00000000`00000000 : nt!ExpInterlockedPopEntrySListFault16
fffff880`05070fa0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!ExAllocatePoolWithTag+0x103
FOLLOWUP_IP:
nt!ExpInterlockedPopEntrySListFault16+0
fffff800`02a74905 498b08 mov rcx,qword ptr [r8]
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: nt!ExpInterlockedPopEntrySListFault16+0
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 4c1c44a9
STACK_COMMAND: .cxr 0xfffff880050705c0 ; kb
FAILURE_BUCKET_ID: X64_0x3B_nt!ExpInterlockedPopEntrySListFault16+0
BUCKET_ID: X64_0x3B_nt!ExpInterlockedPopEntrySListFault16+0
Followup: MachineOwner
---------
-
Loading Dump File [C:\Users\Mike\Downloads\BSODDmpFiles\andre75\122911-16520-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7600 MP (2 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7600.16617.amd64fre.win7_gdr.100618-1621
Machine Name:
Kernel base = 0xfffff800`02a63000 PsLoadedModuleList = 0xfffff800`02ca0e50
Debug session time: Thu Dec 29 05:16:10.356 2011 (GMT-7)
System Uptime: 0 days 1:36:19.245
Loading Kernel Symbols
...............................................................
................................................................
...............................
Loading User Symbols
Loading unloaded module list
........
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 1E, {ffffffffc0000005, fffff80002aeb4c5, 0, ffffffffffffffff}
Probably caused by : ntkrnlmp.exe ( nt!FsRtlLookupPerFileObjectContext+a5 )
Followup: MachineOwner
---------
0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
KMODE_EXCEPTION_NOT_HANDLED (1e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Arguments:
Arg1: ffffffffc0000005, The exception code that was not handled
Arg2: fffff80002aeb4c5, The address that the exception occurred at
Arg3: 0000000000000000, Parameter 0 of the exception
Arg4: ffffffffffffffff, Parameter 1 of the exception
Debugging Details:
------------------
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
FAULTING_IP:
nt!FsRtlLookupPerFileObjectContext+a5
fffff800`02aeb4c5 48395810 cmp qword ptr [rax+10h],rbx
EXCEPTION_PARAMETER1: 0000000000000000
EXCEPTION_PARAMETER2: ffffffffffffffff
READ_ADDRESS: GetPointerFromAddress: unable to read from fffff80002d0b0e0
ffffffffffffffff
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0x1E
PROCESS_NAME: DUMeter.exe
CURRENT_IRQL: 1
EXCEPTION_RECORD: fffff88006adad98 -- (.exr 0xfffff88006adad98)
ExceptionAddress: fffff80002aeb4c5 (nt!FsRtlLookupPerFileObjectContext+0x00000000000000a5)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 0000000000000000
Parameter[1]: ffffffffffffffff
Attempt to read from address ffffffffffffffff
TRAP_FRAME: fffff88006adae40 -- (.trap 0xfffff88006adae40)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=636d67444d7a5944 rbx=0000000000000000 rcx=fffffa8001bed1a8
rdx=fffffa8001a5a910 rsi=0000000000000000 rdi=0000000000000000
rip=fffff80002aeb4c5 rsp=fffff88006adafd0 rbp=0000000000000000
r8=0000000000000000 r9=fffffa8002146bc0 r10=fffffa8000c0cd50
r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl nz ac po cy
nt!FsRtlLookupPerFileObjectContext+0xa5:
fffff800`02aeb4c5 48395810 cmp qword ptr [rax+10h],rbx ds:b030:636d6744`4d7a5954=????????????????
Resetting default scope
LAST_CONTROL_TRANSFER: from fffff80002b0da39 to fffff80002ad3740
STACK_TEXT:
fffff880`06ada5c8 fffff800`02b0da39 : 00000000`0000001e ffffffff`c0000005 fffff800`02aeb4c5 00000000`00000000 : nt!KeBugCheckEx
fffff880`06ada5d0 fffff800`02ad2d82 : fffff880`06adad98 fffffa80`01a5a910 fffff880`06adae40 fffffa80`01bed170 : nt!KiDispatchException+0x1b9
fffff880`06adac60 fffff800`02ad168a : 00000000`00000000 fffff880`00000030 fffffa80`02a05740 fffffa80`01c5a010 : nt!KiExceptionDispatch+0xc2
fffff880`06adae40 fffff800`02aeb4c5 : fffffa80`01141280 00000000`00000000 fffffa80`01141280 00000000`00000000 : nt!KiGeneralProtectionFault+0x10a
fffff880`06adafd0 fffff880`00da9aaf : 00000000`00000000 fffff880`06adb0d0 fffffa80`02146bc0 00000000`00000000 : nt!FsRtlLookupPerFileObjectContext+0xa5
fffff880`06adb010 fffff880`00da7922 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : fltmgr!FltpGetStartingCallbackNode+0x3f
fffff880`06adb0a0 fffff800`02aeac21 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : fltmgr!FltpPreFsFilterOperation+0xa2
fffff880`06adb130 fffff800`02dc5b48 : fffff880`00da7710 00000000`00000000 fffff880`06adb1c8 fffff880`00da7880 : nt!FsFilterPerformCallbacks+0xcd
fffff880`06adb190 fffff800`02ab5186 : fffffa80`02146bc0 fffff8a0`03cd26b0 fffffa80`01408801 ffffffff`80000b00 : nt!FsRtlAcquireFileExclusiveCommon+0xe8
fffff880`06adb430 fffff800`02dc4052 : fffffa80`02146bc0 fffff8a0`03cd26b0 fffffa80`014088e0 00000000`04000000 : nt!CcZeroEndOfLastPage+0x56
fffff880`06adb470 fffff800`02f2f6b5 : fffff8a0`031a3a10 00000000`00000000 00000000`00000001 00000002`00000000 : nt!NtCreateSection+0x1a1
fffff880`06adb4f0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!PfSnGetSectionObject+0x2d5
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!FsRtlLookupPerFileObjectContext+a5
fffff800`02aeb4c5 48395810 cmp qword ptr [rax+10h],rbx
SYMBOL_STACK_INDEX: 4
SYMBOL_NAME: nt!FsRtlLookupPerFileObjectContext+a5
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 4c1c44a9
FAILURE_BUCKET_ID: X64_0x1E_nt!FsRtlLookupPerFileObjectContext+a5
BUCKET_ID: X64_0x1E_nt!FsRtlLookupPerFileObjectContext+a5
Followup: MachineOwner
---------
-
Loading Dump File [C:\Users\Mike\Downloads\BSODDmpFiles\andre75\122911-17674-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7600 MP (2 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7600.16617.amd64fre.win7_gdr.100618-1621
Machine Name:
Kernel base = 0xfffff800`02a01000 PsLoadedModuleList = 0xfffff800`02c3ee50
Debug session time: Thu Dec 29 05:23:08.471 2011 (GMT-7)
System Uptime: 0 days 0:06:35.359
Loading Kernel Symbols
...............................................................
................................................................
..............................
Loading User Symbols
Loading unloaded module list
....
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck A, {b0, 2, 0, fffff80002b2998c}
Probably caused by : ntkrnlmp.exe ( nt!PsCheckThreadCpuQuota+8c )
Followup: MachineOwner
---------
0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: 00000000000000b0, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000000, bitfield :
bit 0 : value 0 = read operation, 1 = write operation
bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: fffff80002b2998c, address which referenced memory
Debugging Details:
------------------
READ_ADDRESS: GetPointerFromAddress: unable to read from fffff80002ca90e0
00000000000000b0
CURRENT_IRQL: 2
FAULTING_IP:
nt!PsCheckThreadCpuQuota+8c
fffff800`02b2998c 394330 cmp dword ptr [rbx+30h],eax
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0xA
PROCESS_NAME: svchost.exe
TRAP_FRAME: fffff80000b9cb40 -- (.trap 0xfffff80000b9cb40)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000000 rbx=0000000000000000 rcx=0000000000000000
rdx=000000f800000001 rsi=0000000000000000 rdi=0000000000000000
rip=fffff80002b2998c rsp=fffff80000b9ccd0 rbp=fffff80002bebe80
r8=fffffa80014693a0 r9=0000000000000000 r10=fffff80002a01000
r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up di pl nz na pe nc
nt!PsCheckThreadCpuQuota+0x8c:
fffff800`02b2998c 394330 cmp dword ptr [rbx+30h],eax ds:9c40:00000000`00000030=????????
Resetting default scope
LAST_CONTROL_TRANSFER: from fffff80002a70ca9 to fffff80002a71740
STACK_TEXT:
fffff800`00b9c9f8 fffff800`02a70ca9 : 00000000`0000000a 00000000`000000b0 00000000`00000002 00000000`00000000 : nt!KeBugCheckEx
fffff800`00b9ca00 fffff800`02a6f920 : 00000000`44610000 00000000`00000080 00000000`00000000 00000000`00000000 : nt!KiBugCheckDispatch+0x69
fffff800`00b9cb40 fffff800`02b2998c : 00000000`0000015f fffff800`02a77a6f 00000000`00000010 00000000`00000246 : nt!KiPageFault+0x260
fffff800`00b9ccd0 fffff800`02a77ad2 : fffffa80`00cb79e0 fffff800`02bebe80 00000000`00000002 fffffa80`014693a0 : nt!PsCheckThreadCpuQuota+0x8c
fffff800`00b9cd00 fffff800`02a79f9d : fffff800`02bebe80 fffff800`02bf9c40 00000000`00000000 fffffa80`01ee50f0 : nt!SwapContext_PatchXRstor+0xec
fffff800`00b9cd40 00000000`00000000 : fffff800`00b9d000 fffff800`00b97000 fffff800`00b9cd00 00000000`00000000 : nt!KiIdleLoop+0x10d
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!PsCheckThreadCpuQuota+8c
fffff800`02b2998c 394330 cmp dword ptr [rbx+30h],eax
SYMBOL_STACK_INDEX: 3
SYMBOL_NAME: nt!PsCheckThreadCpuQuota+8c
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 4c1c44a9
FAILURE_BUCKET_ID: X64_0xA_nt!PsCheckThreadCpuQuota+8c
BUCKET_ID: X64_0xA_nt!PsCheckThreadCpuQuota+8c
Followup: MachineOwner
---------
-
Loading Dump File [C:\Users\Mike\Downloads\BSODDmpFiles\andre75\123011-16582-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7600 MP (2 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7600.16617.amd64fre.win7_gdr.100618-1621
Machine Name:
Kernel base = 0xfffff800`02a1a000 PsLoadedModuleList = 0xfffff800`02c57e50
Debug session time: Thu Dec 29 11:05:22.931 2011 (GMT-7)
System Uptime: 0 days 1:54:02.819
Loading Kernel Symbols
...............................................................
................................................................
...............................
Loading User Symbols
Loading unloaded module list
.....
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 44, {fffffa80015ff0d0, eae, 0, 0}
Unable to load image \SystemRoot\system32\DRIVERS\avgntflt.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for avgntflt.sys
*** ERROR: Module load completed but symbols could not be loaded for avgntflt.sys
Probably caused by : avgntflt.sys ( avgntflt+46bf )
Followup: MachineOwner
---------
0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
MULTIPLE_IRP_COMPLETE_REQUESTS (44)
A driver has requested that an IRP be completed (IoCompleteRequest()), but
the packet has already been completed. This is a tough bug to find because
the easiest case, a driver actually attempted to complete its own packet
twice, is generally not what happened. Rather, two separate drivers each
believe that they own the packet, and each attempts to complete it. The
first actually works, and the second fails. Tracking down which drivers
in the system actually did this is difficult, generally because the trails
of the first driver have been covered by the second. However, the driver
stack for the current request can be found by examining the DeviceObject
fields in each of the stack locations.
Arguments:
Arg1: fffffa80015ff0d0, Address of the IRP
Arg2: 0000000000000eae
Arg3: 0000000000000000
Arg4: 0000000000000000
Debugging Details:
------------------
IRP_ADDRESS: fffffa80015ff0d0
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0x44
PROCESS_NAME: DUMeterSvc.exe
CURRENT_IRQL: 0
LAST_CONTROL_TRANSFER: from fffff80002a74365 to fffff80002a8a740
STACK_TEXT:
fffff880`046cd298 fffff800`02a74365 : 00000000`00000044 fffffa80`015ff0d0 00000000`00000eae 00000000`00000000 : nt!KeBugCheckEx
fffff880`046cd2a0 fffff880`00e0e1be : 00000000`00000000 00000000`00000001 fffff880`02033710 00000000`00000000 : nt! ?? ::FNODOBFM::`string'+0x3ec7e
fffff880`046cd380 fffff880`020296bf : 00000000`00000000 00000000`00100001 fffff8a0`04481010 fffffa80`000003d0 : fltmgr!FltSendMessage+0x60e
fffff880`046cd4b0 00000000`00000000 : 00000000`00100001 fffff8a0`04481010 fffffa80`000003d0 fffff880`046cd540 : avgntflt+0x46bf
STACK_COMMAND: kb
FOLLOWUP_IP:
avgntflt+46bf
fffff880`020296bf ?? ???
SYMBOL_STACK_INDEX: 3
SYMBOL_NAME: avgntflt+46bf
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: avgntflt
IMAGE_NAME: avgntflt.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 4be43a4e
FAILURE_BUCKET_ID: X64_0x44_avgntflt+46bf
BUCKET_ID: X64_0x44_avgntflt+46bf
Followup: MachineOwner
---------
Your blue screen errors are pretty far afield, but the last one was related to Avira which is known to cause blue screens from time to time on some systems. Please uninstall Avira using Windows uninstall and then