15 PC's all configured similar all experiencing random BSOD's

Page 1 of 2 12 LastLast

  1. Posts : 5
    Windows 7 Pro 64-bit
       #1

    15 PC's all configured similar all experiencing random BSOD's


    Hello experts,

    I am an IT provider and I set up 15 heavy duty computers at 15 client locations. They are all exactly the same PC:

    Dell Optiplex 990
    Core i7
    4GB RAM preinstalled + 8GB RAM installed by me
    500GB HDD

    Ruuning the preinstalled OEM copy of Windows 7 64-bit.

    The only thing we did with these PC's when we got them was open them up and add the 8GB of RAM - (Newegg.com - G.SKILL Value Series 8GB (2 x 4GB) 240-Pin DDR3 SDRAM DDR3 1333 (PC3 10600) Desktop Memory Model F3-10600CL9D-8GBNT) - G.SKILL Value Series 8GB (2 x 4GB) 240-Pin DDR3 SDRAM DDR3 1333 (PC3 10600) Desktop Memory Model F3-10600CL9D-8GBNT, and we installed vSpace by ncomputing (NComputing | Desktop Virtualization for Enterprise, Education, SMB, Government) to use as a vSpace server, which has been working quite well, aside from the random reboots. The BSOD's started almost immediately after we put these PC's into production. First they wouldn't restart themselves and we needed someone to go down and hold down the power button for 5 seconds to shut off and then turn it back on. These days they are rebooting themselves and we see Windows has recovered from an error (bluescreen) on first sign-in. The BSOD's happen more when I am installing new software or doing maintenance on the computers. For example the other night I installed Office 2010 and all windows updates and over the weekend 5 of them bluescreen'd.

    The 2 obvious culprits may be the 8GB of RAM which is for some reason causing it, or the vSpace software which is driver based at the system level. nComputing tech support reports that they have not heard of any other customer complaining about random BSOD's on Windows 7 64-bit so I am at a loss. I have never read any memory dumps as I don't even know where to begin, and I've found this forum and I'm hoping one of you guys can help.

    BTW, the systems were purchased 3 months ago and it began happening immediately after we put them into production.

    I have enclosed a zip with the 15 different zip files as requested on the sticky to this forum, and I've done a perfmon on 4 systems and enclosed it.

    Thanks so much in advance to anyone who can help me with this issue, as aside from this the setup is actually working quite well for me.

    The attachments from all 15 ended up at 13MB so I split it into 3.
      My Computer


  2. Posts : 11,269
    Windows 7 Home Premium 64 Bit
       #2

    One thing I would like to ask before looking these over: does that model for Dell have any known problems?
      My Computer


  3. Posts : 5
    Windows 7 Pro 64-bit
    Thread Starter
       #3

    writhziden said:
    One thing I would like to ask before looking these over: does that model for Dell have any known problems?
    I've done research on Optiplex BSOD and have not found anything significant. I appreciate the time you are taking to look over my logs. Most likely after 1 or 2 it will become apparent what the issue is.
      My Computer


  4. Posts : 11,269
    Windows 7 Home Premium 64 Bit
       #4

    First five


    BATESVILLE
    Code:
    1. Loading Dump File [C:\Users\Mike\Downloads\BSODDmpFiles\kingbear\First 5\BATESVILLE-PC-BSOD\Windows_NT6_BSOD_jcgriff2\110411-21606-01.dmp] Mini Kernel Dump File: Only registers and stack trace are available Symbol search path is: SRV*c:\users\mike\documents\symbols*http://msdl.microsoft.com/download/symbols Executable search path is: Windows 7 Kernel Version 7601 (Service Pack 1) MP (8 procs) Free x64 Product: WinNt, suite: TerminalServer SingleUserTS Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506 Machine Name: Kernel base = 0xfffff800`02c5e000 PsLoadedModuleList = 0xfffff800`02ea3670 Debug session time: Fri Nov 4 11:16:30.029 2011 (UTC - 7:00) System Uptime: 3 days 14:24:25.857 Loading Kernel Symbols ............................................................... ................................................................ .................................. Loading User Symbols Loading unloaded module list .............. ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* Use !analyze -v to get detailed debugging information. BugCheck 1E, {ffffffffc0000005, fffff80002e0aa9b, 0, ffffffffffffffff} Probably caused by : Pool_Corruption ( nt!ExDeferredFreePool+1df ) Followup: Pool_corruption --------- 2: kd> !analyze -v ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* KMODE_EXCEPTION_NOT_HANDLED (1e) This is a very common bugcheck. Usually the exception address pinpoints the driver/function that caused the problem. Always note this address as well as the link date of the driver/image that contains this address. Arguments: Arg1: ffffffffc0000005, The exception code that was not handled Arg2: fffff80002e0aa9b, The address that the exception occurred at Arg3: 0000000000000000, Parameter 0 of the exception Arg4: ffffffffffffffff, Parameter 1 of the exception Debugging Details: ------------------ EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s. FAULTING_IP: nt!ExDeferredFreePool+1df fffff800`02e0aa9b 4c395808 cmp qword ptr [rax+8],r11 EXCEPTION_PARAMETER1: 0000000000000000 EXCEPTION_PARAMETER2: ffffffffffffffff READ_ADDRESS: GetPointerFromAddress: unable to read from fffff80002f0d100 ffffffffffffffff ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s. BUGCHECK_STR: 0x1E_c0000005 CUSTOMER_CRASH_COUNT: 1 DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT PROCESS_NAME: winlogon.exe CURRENT_IRQL: 2 LAST_CONTROL_TRANSFER: from fffff80002d26588 to fffff80002cdac40 STACK_TEXT: fffff880`078fc568 fffff800`02d26588 : 00000000`0000001e ffffffff`c0000005 fffff800`02e0aa9b 00000000`00000000 : nt!KeBugCheckEx fffff880`078fc570 fffff800`02cda2c2 : fffff880`078fcd48 00000000`00000000 fffff880`078fcdf0 00000000`00000000 : nt! ?? ::FNODOBFM::`string'+0x4977d fffff880`078fcc10 fffff800`02cd8bca : fffff880`078fd020 fffff880`012a0807 fffff880`078fcf28 fffffa80`0c4cb180 : nt!KiExceptionDispatch+0xc2 fffff880`078fcdf0 fffff800`02e0aa9b : 00000000`00000000 00000000`00000000 fffff880`078fd080 00000000`00000000 : nt!KiGeneralProtectionFault+0x10a fffff880`078fcf80 fffff800`02e0a1a1 : fffff8a0`00001b30 fffffa80`0e6beb00 00000000`00000000 fffffa80`0a5ab8a0 : nt!ExDeferredFreePool+0x1df fffff880`078fd010 fffff800`02fd74a9 : fffffa80`0c1ef820 fffffa80`09a04a30 fffffa80`58434f46 fffffa80`0c1ef820 : nt!ExFreePoolWithTag+0x411 fffff880`078fd0c0 fffff800`02ce4af4 : fffffa80`0e6beb10 fffffa80`11888920 fffffa80`09a04a30 fffff880`078fd3c8 : nt!IopDeleteFile+0x239 fffff880`078fd150 fffff800`02fd1f44 : fffffa80`11888920 00000000`00000000 fffffa80`0ec06b60 00000000`00000000 : nt!ObfDereferenceObject+0xd4 fffff880`078fd1b0 fffff800`02fd24f4 : 00000000`00002d64 fffffa80`11888920 fffff8a0`00001b30 00000000`00002d64 : nt!ObpCloseHandleTableEntry+0xc4 fffff880`078fd240 fffff800`02cd9ed3 : fffffa80`0ec06b60 fffff880`078fd310 fffff880`078fd480 00000000`00000000 : nt!ObpCloseHandle+0x94 fffff880`078fd290 fffff800`02cd6470 : fffff880`011c366c 00000000`00000000 fffff8a0`050fb0b0 fffff880`078fd480 : nt!KiSystemServiceCopyEnd+0x13 fffff880`078fd428 fffff880`011c366c : 00000000`00000000 fffff8a0`050fb0b0 fffff880`078fd480 fffff800`02ce4afc : nt!KiServiceLinkage fffff880`078fd430 fffff800`03049405 : fffff880`078fd608 fffff880`078fd600 fffff8a0`0369cfd4 00000000`000007ff : fileinfo!FIPfInterfaceClose+0x48 fffff880`078fd460 fffff800`030d33e7 : fffff8a0`0369c150 fffff8a0`0369c150 fffff8a0`0369cfd4 fffff880`078fd600 : nt!PfpOpenHandleClose+0x55 fffff880`078fd4b0 fffff800`03136c71 : 00000000`00000000 00000000`00000000 fffffa80`4c506343 00000000`00000000 : nt!PfSnCleanupPrefetchSectionInfo+0x57 fffff880`078fd4e0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!PfSnPrefetchSections+0x4b1 STACK_COMMAND: kb FOLLOWUP_IP: nt!ExDeferredFreePool+1df fffff800`02e0aa9b 4c395808 cmp qword ptr [rax+8],r11 SYMBOL_STACK_INDEX: 4 SYMBOL_NAME: nt!ExDeferredFreePool+1df FOLLOWUP_NAME: Pool_corruption IMAGE_NAME: Pool_Corruption DEBUG_FLR_IMAGE_TIMESTAMP: 0 MODULE_NAME: Pool_Corruption FAILURE_BUCKET_ID: X64_0x1E_c0000005_nt!ExDeferredFreePool+1df BUCKET_ID: X64_0x1E_c0000005_nt!ExDeferredFreePool+1df Followup: Pool_corruption ---------
    2. Loading Dump File [C:\Users\Mike\Downloads\BSODDmpFiles\kingbear\First 5\BATESVILLE-PC-BSOD\Windows_NT6_BSOD_jcgriff2\121411-15444-01.dmp] Mini Kernel Dump File: Only registers and stack trace are available Symbol search path is: SRV*c:\users\mike\documents\symbols*http://msdl.microsoft.com/download/symbols Executable search path is: Windows 7 Kernel Version 7601 (Service Pack 1) MP (8 procs) Free x64 Product: WinNt, suite: TerminalServer SingleUserTS Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506 Machine Name: Kernel base = 0xfffff800`02c08000 PsLoadedModuleList = 0xfffff800`02e4d670 Debug session time: Wed Dec 14 08:38:42.205 2011 (UTC - 7:00) System Uptime: 0 days 10:58:18.033 Loading Kernel Symbols ............................................................... ................................................................ ................................... Loading User Symbols Loading unloaded module list .... ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* Use !analyze -v to get detailed debugging information. BugCheck 1000007E, {ffffffffc0000005, fffff80002c09530, fffff8800355ae58, fffff8800355a6b0} Probably caused by : ndis.sys ( ndis!ndisMInitializeAdapter+9fd ) Followup: MachineOwner --------- 4: kd> !analyze -v ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M (1000007e) This is a very common bugcheck. Usually the exception address pinpoints the driver/function that caused the problem. Always note this address as well as the link date of the driver/image that contains this address. Some common problems are exception code 0x80000003. This means a hard coded breakpoint or assertion was hit, but this system was booted /NODEBUG. This is not supposed to happen as developers should never have hardcoded breakpoints in retail code, but ... If this happens, make sure a debugger gets connected, and the system is booted /DEBUG. This will let us see why this breakpoint is happening. Arguments: Arg1: ffffffffc0000005, The exception code that was not handled Arg2: fffff80002c09530, The address that the exception occurred at Arg3: fffff8800355ae58, Exception Record Address Arg4: fffff8800355a6b0, Context Record Address Debugging Details: ------------------ EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s. FAULTING_IP: nt!WmipDoFindRegEntryByDevice+10 fffff800`02c09530 48394810 cmp qword ptr [rax+10h],rcx EXCEPTION_RECORD: fffff8800355ae58 -- (.exr 0xfffff8800355ae58) ExceptionAddress: fffff80002c09530 (nt!WmipDoFindRegEntryByDevice+0x0000000000000010) ExceptionCode: c0000005 (Access violation) ExceptionFlags: 00000000 NumberParameters: 2 Parameter[0]: 0000000000000000 Parameter[1]: ffffffffffffffff Attempt to read from address ffffffffffffffff CONTEXT: fffff8800355a6b0 -- (.cxr 0xfffff8800355a6b0) rax=ff49009249209249 rbx=fffffa801021f050 rcx=fffffa801021f050 rdx=fffff80002df6460 rsi=0000000000000000 rdi=fffffa801021f050 rip=fffff80002c09530 rsp=fffff8800355b098 rbp=0000000000000000 r8=fffff78000000008 r9=0000000000000000 r10=0000000000000000 r11=fffff880009cf180 r12=fffffa801021f050 r13=0000000000000000 r14=0000000000000000 r15=0000000000000004 iopl=0 nv up ei ng nz na pe cy cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010283 nt!WmipDoFindRegEntryByDevice+0x10: fffff800`02c09530 48394810 cmp qword ptr [rax+10h],rcx ds:002b:ff490092`49209259=???????????????? Resetting default scope CUSTOMER_CRASH_COUNT: 1 DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT PROCESS_NAME: System CURRENT_IRQL: 0 ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s. EXCEPTION_PARAMETER1: 0000000000000000 EXCEPTION_PARAMETER2: ffffffffffffffff READ_ADDRESS: GetPointerFromAddress: unable to read from fffff80002eb7100 ffffffffffffffff FOLLOWUP_IP: ndis!ndisMInitializeAdapter+9fd fffff880`016d114d 85c0 test eax,eax BUGCHECK_STR: 0x7E LOCK_ADDRESS: fffff80002e83b80 -- (!locks fffff80002e83b80) Resource @ nt!PiEngineLock (0xfffff80002e83b80) Available WARNING: SystemResourcesList->Flink chain invalid. Resource may be corrupted, or already deleted. WARNING: SystemResourcesList->Blink chain invalid. Resource may be corrupted, or already deleted. 1 total locks PNP_TRIAGE: Lock address : 0xfffff80002e83b80 Thread Count : 0 Thread address: 0x0000000000000000 Thread wait : 0x0 LAST_CONTROL_TRANSFER: from fffff8000301263d to fffff80002c09530 STACK_TEXT: fffff880`0355b098 fffff800`0301263d : 00000000`00000000 fffffa80`09d52300 fffff880`009cf180 fffffa80`0fe69020 : nt!WmipDoFindRegEntryByDevice+0x10 fffff880`0355b0a0 fffff800`030af177 : fffffa80`0fe69020 80000000`00000004 00000000`00000000 fffffa80`0fe69020 : nt!WmipFindRegEntryByDevice+0x1d fffff880`0355b0d0 fffff800`030af37c : fffffa80`10220100 00000000`00000000 00000000`00000000 fffffa80`1021f050 : nt!WmipRegisterDevice+0x37 fffff880`0355b100 fffff880`016d114d : fffffa80`10220100 00000000`00000004 80000000`00000004 fffffa80`1021f1a0 : nt!IoWMIRegistrationControl+0xec fffff880`0355b130 fffff880`016d0683 : fffffa80`0d0f1ea0 fffffa80`0fe69020 00000000`00000000 01ccba76`7532937c : ndis!ndisMInitializeAdapter+0x9fd fffff880`0355b4f0 fffff880`016d276c : fffffa80`0d0f1ea0 fffffa80`1021f050 00000000`00000000 fffff880`01625300 : ndis!ndisInitializeAdapter+0x113 fffff880`0355b550 fffff880`016d0356 : fffffa80`1021f1a0 fffffa80`0d0f1ea0 00000000`00000000 ffffd353`6b43ca50 : ndis!ndisPnPStartDevice+0xac fffff880`0355b5b0 fffff800`0303dd6e : 00000000`00000000 fffffa80`0d0f1ea0 fffffa80`1021f050 fffff880`0355b6e0 : ndis!ndisPnPDispatch+0x246 fffff880`0355b650 fffff800`02d7587d : fffffa80`0fee84b0 fffffa80`0a6ed4b0 fffff800`02d7efa0 00000000`00000000 : nt!PnpAsynchronousCall+0xce fffff880`0355b690 fffff800`0304d0b6 : fffff800`02e83940 fffffa80`0fedea30 fffffa80`0a6ed4b0 fffffa80`0fedebd8 : nt!PnpStartDevice+0x11d fffff880`0355b750 fffff800`0304d354 : fffffa80`0fedea30 fffffa80`09a10032 fffffa80`09a1fb60 00000000`00000001 : nt!PnpStartDeviceNode+0x156 fffff880`0355b7e0 fffff800`03070a86 : fffffa80`0fedea30 fffffa80`09a1fb60 00000000`00000002 00000000`00000000 : nt!PipProcessStartPhase1+0x74 fffff880`0355b810 fffff800`03071018 : fffff800`02e81500 00000000`00000000 00000000`00000001 fffff800`02eee814 : nt!PipProcessDevNodeTree+0x296 fffff880`0355ba80 fffff800`02d818e7 : 00000001`00000003 00000000`00000000 00000000`00000001 00000000`00000000 : nt!PiProcessReenumeration+0x98 fffff880`0355bad0 fffff800`02c8f001 : fffff800`02d815c0 fffff800`02f7b901 fffffa80`09a5cb00 00000000`00000000 : nt!PnpDeviceActionWorker+0x327 fffff880`0355bb70 fffff800`02f1ffee : 00000000`00000000 fffffa80`09a5cb60 00000000`00000080 fffffa80`099dc040 : nt!ExpWorkerThread+0x111 fffff880`0355bc00 fffff800`02c765e6 : fffff880`02174180 fffffa80`09a5cb60 fffff880`0217f0c0 00000000`00000000 : nt!PspSystemThreadStartup+0x5a fffff880`0355bc40 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KxStartSystemThread+0x16 SYMBOL_STACK_INDEX: 4 SYMBOL_NAME: ndis!ndisMInitializeAdapter+9fd FOLLOWUP_NAME: MachineOwner MODULE_NAME: ndis IMAGE_NAME: ndis.sys DEBUG_FLR_IMAGE_TIMESTAMP: 4d1ad232 STACK_COMMAND: .cxr 0xfffff8800355a6b0 ; kb FAILURE_BUCKET_ID: X64_0x7E_ndis!ndisMInitializeAdapter+9fd BUCKET_ID: X64_0x7E_ndis!ndisMInitializeAdapter+9fd Followup: MachineOwner ---------
    3. Loading Dump File [C:\Users\Mike\Downloads\BSODDmpFiles\kingbear\First 5\BATESVILLE-PC-BSOD\Windows_NT6_BSOD_jcgriff2\121611-13478-01.dmp] Mini Kernel Dump File: Only registers and stack trace are available Symbol search path is: SRV*c:\users\mike\documents\symbols*http://msdl.microsoft.com/download/symbols Executable search path is: Windows 7 Kernel Version 7601 (Service Pack 1) MP (8 procs) Free x64 Product: WinNt, suite: TerminalServer SingleUserTS Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506 Machine Name: Kernel base = 0xfffff800`02c66000 PsLoadedModuleList = 0xfffff800`02eab670 Debug session time: Fri Dec 16 06:29:41.613 2011 (UTC - 7:00) System Uptime: 0 days 5:11:02.314 Loading Kernel Symbols ............................................................... ................................................................ ................................ Loading User Symbols Loading unloaded module list .... ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* Use !analyze -v to get detailed debugging information. BugCheck 50, {fffffa8058acb0b4, 0, fffff88005bb7497, 5} Could not read faulting driver name Probably caused by : dxgmms1.sys ( dxgmms1!VidMmGetTotalSegmentSize+23 ) Followup: MachineOwner --------- 6: kd> !analyze -v ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* PAGE_FAULT_IN_NONPAGED_AREA (50) Invalid system memory was referenced. This cannot be protected by try-except, it must be protected by a Probe. Typically the address is just plain bad or it is pointing at freed memory. Arguments: Arg1: fffffa8058acb0b4, memory referenced. Arg2: 0000000000000000, value 0 = read operation, 1 = write operation. Arg3: fffff88005bb7497, If non-zero, the instruction address which referenced the bad memory address. Arg4: 0000000000000005, (reserved) Debugging Details: ------------------ Could not read faulting driver name READ_ADDRESS: GetPointerFromAddress: unable to read from fffff80002f15100 fffffa8058acb0b4 FAULTING_IP: dxgmms1!VidMmGetTotalSegmentSize+23 fffff880`05bb7497 f6403001 test byte ptr [rax+30h],1 MM_INTERNAL_CODE: 5 CUSTOMER_CRASH_COUNT: 1 DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT BUGCHECK_STR: 0x50 PROCESS_NAME: iexplore.exe CURRENT_IRQL: 0 TRAP_FRAME: fffff88007cf6820 -- (.trap 0xfffff88007cf6820) NOTE: The trap frame does not contain all registers. Some register values may be zeroed or incorrect. rax=fffffa8058acb084 rbx=0000000000000000 rcx=fffffa800e3b1000 rdx=fffff8a00be700d0 rsi=0000000000000000 rdi=0000000000000000 rip=fffff88005bb7497 rsp=fffff88007cf69b8 rbp=fffff88007cf6b60 r8=fffff8a00be700d8 r9=fffff8a00be700e0 r10=0000000000000000 r11=0000000000000000 r12=0000000000000000 r13=0000000000000000 r14=0000000000000000 r15=0000000000000000 iopl=0 nv up ei pl nz na pe nc dxgmms1!VidMmGetTotalSegmentSize+0x23: fffff880`05bb7497 f6403001 test byte ptr [rax+30h],1 ds:00d0:fffffa80`58acb0b4=?? Resetting default scope LAST_CONTROL_TRANSFER: from fffff80002c8d3bf to fffff80002ce2c40 STACK_TEXT: fffff880`07cf66b8 fffff800`02c8d3bf : 00000000`00000050 fffffa80`58acb0b4 00000000`00000000 fffff880`07cf6820 : nt!KeBugCheckEx fffff880`07cf66c0 fffff800`02ce0d6e : 00000000`00000000 fffffa80`58acb0b4 00000000`00000000 fffffa80`0e174000 : nt! ?? ::FNODOBFM::`string'+0x44791 fffff880`07cf6820 fffff880`05bb7497 : fffff880`05ae8a97 fffffa80`0e174000 fffffa80`0e174000 00000000`0265ef00 : nt!KiPageFault+0x16e fffff880`07cf69b8 fffff880`05ae8a97 : fffffa80`0e174000 fffffa80`0e174000 00000000`0265ef00 00000000`000007ff : dxgmms1!VidMmGetTotalSegmentSize+0x23 fffff880`07cf69c0 fffff960`001157a2 : fffffa80`09ee6b60 00000000`00000018 00000000`00000003 00000000`000007df : dxgkrnl!DxgkQueryAdapterInfo+0x5a3 fffff880`07cf6ab0 fffff800`02ce1ed3 : fffffa80`09ee6b60 fffff880`07cf6b60 00000000`7efa7000 fffffa80`0c8e76d0 : win32k!NtGdiDdDDIQueryAdapterInfo+0x12 fffff880`07cf6ae0 00000000`74c115ea : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 00000000`0265e618 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x74c115ea STACK_COMMAND: kb FOLLOWUP_IP: dxgmms1!VidMmGetTotalSegmentSize+23 fffff880`05bb7497 f6403001 test byte ptr [rax+30h],1 SYMBOL_STACK_INDEX: 3 SYMBOL_NAME: dxgmms1!VidMmGetTotalSegmentSize+23 FOLLOWUP_NAME: MachineOwner MODULE_NAME: dxgmms1 IMAGE_NAME: dxgmms1.sys DEBUG_FLR_IMAGE_TIMESTAMP: 4ce799c1 FAILURE_BUCKET_ID: X64_0x50_dxgmms1!VidMmGetTotalSegmentSize+23 BUCKET_ID: X64_0x50_dxgmms1!VidMmGetTotalSegmentSize+23 Followup: MachineOwner ---------
    4. Loading Dump File [C:\Users\Mike\Downloads\BSODDmpFiles\kingbear\First 5\BATESVILLE-PC-BSOD\Windows_NT6_BSOD_jcgriff2\121911-14726-01.dmp] Mini Kernel Dump File: Only registers and stack trace are available Symbol search path is: SRV*c:\users\mike\documents\symbols*http://msdl.microsoft.com/download/symbols Executable search path is: Windows 7 Kernel Version 7601 (Service Pack 1) MP (8 procs) Free x64 Product: WinNt, suite: TerminalServer SingleUserTS Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506 Machine Name: Kernel base = 0xfffff800`02c07000 PsLoadedModuleList = 0xfffff800`02e4c670 Debug session time: Mon Dec 19 14:10:33.785 2011 (UTC - 7:00) System Uptime: 3 days 6:44:15.612 Loading Kernel Symbols ............................................................... ................................................................ ................................... Loading User Symbols Loading unloaded module list ..... ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* Use !analyze -v to get detailed debugging information. BugCheck E4, {1, fffffa800d5004c0, 1, 0} Probably caused by : usbhub.sys ( usbhub!UsbhHubQueueProcessChangeWorker+77 ) Followup: MachineOwner --------- 2: kd> !analyze -v ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* WORKER_INVALID (e4) A executive worker item was found in memory which must not contain such items or a work item was queued that is currently active in the system. Usually this is memory being freed. This is usually caused by a device driver that has not cleaned up properly before freeing memory. Arguments: Arg1: 0000000000000001, Queuing of active worker item Arg2: fffffa800d5004c0, Address of worker item Arg3: 0000000000000001, Queue number Arg4: 0000000000000000, 0 Debugging Details: ------------------ CUSTOMER_CRASH_COUNT: 1 DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT BUGCHECK_STR: 0xE4 PROCESS_NAME: NCWTService.ex CURRENT_IRQL: 2 LAST_CONTROL_TRANSFER: from fffff80002c3f59a to fffff80002c83c40 STACK_TEXT: fffff880`0cf002d8 fffff800`02c3f59a : 00000000`000000e4 00000000`00000001 fffffa80`0d5004c0 00000000`00000001 : nt!KeBugCheckEx fffff880`0cf002e0 fffff880`05d36bc7 : fffffa80`0e00d640 fffffa80`0e00d640 fffffa80`0d3d1000 00000000`00000002 : nt! ?? ::FNODOBFM::`string'+0x104aa fffff880`0cf00320 fffff880`05d31362 : fffffa80`0e00d640 fffffa80`0d3d1050 fffffa80`0d3d1050 fffffa80`63654448 : usbhub!UsbhHubQueueProcessChangeWorker+0x77 fffff880`0cf00360 fffff880`05d2fbef : 00000000`00000000 fffffa80`50447100 fffffa80`0e00d640 00000000`00100000 : usbhub!Usbh_PCE_Enable_Action+0x212 fffff880`0cf003b0 fffff880`05d34900 : fffffa80`0d3d1050 00000000`00000001 fffffa80`0d3d1918 00000000`00000003 : usbhub!UsbhDispatch_PortChangeQueueEventEx+0x123 fffff880`0cf003f0 fffff880`05d2cfeb : 00000000`00000003 fffffa80`0d3d1918 00000000`00000000 fffff800`00000000 : usbhub!UsbhPCE_Enable+0xb0 fffff880`0cf00440 fffff880`05d2c850 : 00000000`00000003 fffffa80`0d3d11a0 fffffa80`0d3d1050 00000000`00000008 : usbhub!UsbhBusResume_Action+0x8f fffff880`0cf00480 fffff880`05d2cea3 : fffffa80`0d3d11a0 00000000`00000008 fffffa80`0d3d1050 00000000`00000000 : usbhub!UsbhReleaseBusStateLock+0x50 fffff880`0cf004b0 fffff880`05d2d9a6 : fffffa80`0d3d1918 fffffa80`0d3d11a0 fffffa80`0d3d1050 fffffa80`10aede08 : usbhub!UsbhDispatch_BusEvent+0x1fb fffff880`0cf00500 fffff880`05d5ea75 : 00000000`00000000 fffff880`6e447352 00000000`00000000 fffffa80`0d640000 : usbhub!UsbhSyncBusResume+0x42 fffff880`0cf00540 fffff880`05d5da9e : 00000000`00000000 fffffa80`0d3d11a0 fffffa80`0d3d11a0 fffffa80`0d3d1050 : usbhub!UsbhSshResumeDownstream+0x59 fffff880`0cf005c0 fffff880`05d5d473 : 00000000`00000008 00000000`00000001 fffffa80`0d3d1050 00000000`00000000 : usbhub!Usbh_SSH_HubPendingResume+0xb6 fffff880`0cf00600 fffff880`05d260ad : fffffa80`10aedc60 fffffa80`0d02a050 fffffa80`0d640050 fffffa80`0d3d1050 : usbhub!Usbh_SSH_Event+0x10b fffff880`0cf00630 fffff880`05d25fdf : fffffa80`10aedc60 fffffa80`0d640050 00000000`00000001 fffffa80`0d6401a0 : usbhub!UsbhFdoInternalDeviceControl+0x75 fffff880`0cf00670 fffff880`04816459 : fffffa80`0d3c4640 fffffa80`0d3d1050 00000000`00000000 fffffa80`0d640050 : usbhub!UsbhGenDispatch+0x7f fffff880`0cf006a0 fffff880`04816363 : fffffa80`0d3c4640 fffffa80`0d02a050 fffffa80`0d02a1a0 00000000`00000000 : USBPORT!USBPORT_SendSynchronousUsbIoctlRequest+0xd1 fffff880`0cf00730 fffff880`05d5e949 : 00000000`00000000 fffffa80`0d3d11a0 fffffa80`0d3d1868 fffffa80`0d3d1050 : USBPORT!USBPORTBUSIF_ResumeRootHub+0x19f fffff880`0cf00780 fffff880`05d5d993 : 00000000`00000000 00000000`00000001 fffff880`00000003 fffffa80`0d3d1050 : usbhub!UsbhSshResumeUpstream+0x79 fffff880`0cf007e0 fffff880`05d5d482 : 00000000`00000006 fffffa80`0d3d1050 00000040`00000000 00000000`00600056 : usbhub!Usbh_SSH_HubSuspended+0xd3 fffff880`0cf00810 fffff880`05d261f4 : 00000000`00220450 fffffa80`109e0200 fffffa80`0d3d1050 fffffa80`109e0010 : usbhub!Usbh_SSH_Event+0x11a fffff880`0cf00840 fffff880`05d25fdf : fffffa80`108d8d00 fffff880`0cf00b60 fffffa80`108d8d00 00000000`00000004 : usbhub!UsbhFdoDeviceControl+0xc0 fffff880`0cf008a0 fffff800`02f9ea97 : fffffa80`109e0248 fffff880`0cf00b60 fffffa80`109e0248 fffffa80`109e0010 : usbhub!UsbhGenDispatch+0x7f fffff880`0cf008d0 fffff800`02f9f2f6 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!IopXxxControlFile+0x607 fffff880`0cf00a00 fffff800`02c82ed3 : fffffa80`114a19b0 fffff880`0cf00b60 fffff880`746c6644 fffff880`0cf00af8 : nt!NtDeviceIoControlFile+0x56 fffff880`0cf00a70 00000000`7781138a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 00000000`06d2d6f8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x7781138a STACK_COMMAND: kb FOLLOWUP_IP: usbhub!UsbhHubQueueProcessChangeWorker+77 fffff880`05d36bc7 488d8b78090000 lea rcx,[rbx+978h] SYMBOL_STACK_INDEX: 2 SYMBOL_NAME: usbhub!UsbhHubQueueProcessChangeWorker+77 FOLLOWUP_NAME: MachineOwner MODULE_NAME: usbhub IMAGE_NAME: usbhub.sys DEBUG_FLR_IMAGE_TIMESTAMP: 4d8c0b08 FAILURE_BUCKET_ID: X64_0xE4_usbhub!UsbhHubQueueProcessChangeWorker+77 BUCKET_ID: X64_0xE4_usbhub!UsbhHubQueueProcessChangeWorker+77 Followup: MachineOwner ---------
    Drivers that may need updating:
    Code:
    lmimirr	fffff880`048ab000	fffff880`048b2000	Tue Apr 10 16:32:45 2007 (461c108d)	0000a04c		lmimirr.sys
    RaInfo	fffff880`03e72000	fffff880`03e79000	Fri Jan 04 11:57:14 2008 (477e818a)	0000d903		RaInfo.sys
    PBADRV	fffff880`01bd4000	fffff880`01be0000	Mon Jan 07 12:12:13 2008 (4782798d)	000085ef		PBADRV.sys
    LMIRfsDriver	fffff880`03e79000	fffff880`03e8c000	Mon Jul 14 10:26:56 2008 (487b7e50)	0001e26d		LMIRfsDriver.sys
    dsNcAdpt	fffff880`048b2000	fffff880`048bf000	Mon Mar 30 20:33:33 2009 (49d180fd)	00010bf6		dsNcAdpt.sys
    CLIFTYFALLS
    Code:
    1. Loading Dump File [C:\Users\Mike\Downloads\BSODDmpFiles\kingbear\First 5\CLIFTYFALLS-PC-BSOD\Windows_NT6_BSOD_jcgriff2\120811-16426-01.dmp] Mini Kernel Dump File: Only registers and stack trace are available Symbol search path is: SRV*c:\users\mike\documents\symbols*http://msdl.microsoft.com/download/symbols Executable search path is: Windows 7 Kernel Version 7601 (Service Pack 1) MP (8 procs) Free x64 Product: WinNt, suite: TerminalServer SingleUserTS Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506 Machine Name: Kernel base = 0xfffff800`02a54000 PsLoadedModuleList = 0xfffff800`02c99670 Debug session time: Thu Dec 8 05:15:14.037 2011 (UTC - 7:00) System Uptime: 0 days 8:55:19.865 Loading Kernel Symbols ............................................................... ................................................................ ............................... Loading User Symbols Loading unloaded module list .... ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* Use !analyze -v to get detailed debugging information. BugCheck C5, {a65, 2, 0, fffff80002c00a9b} Probably caused by : Pool_Corruption ( nt!ExDeferredFreePool+1df ) Followup: Pool_corruption --------- 6: kd> !analyze -v ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* DRIVER_CORRUPTED_EXPOOL (c5) An attempt was made to access a pageable (or completely invalid) address at an interrupt request level (IRQL) that is too high. This is caused by drivers that have corrupted the system pool. Run the driver verifier against any new (or suspect) drivers, and if that doesn't turn up the culprit, then use gflags to enable special pool. Arguments: Arg1: 0000000000000a65, memory referenced Arg2: 0000000000000002, IRQL Arg3: 0000000000000000, value 0 = read operation, 1 = write operation Arg4: fffff80002c00a9b, address which referenced memory Debugging Details: ------------------ BUGCHECK_STR: 0xC5_2 CURRENT_IRQL: 2 FAULTING_IP: nt!ExDeferredFreePool+1df fffff800`02c00a9b 4c395808 cmp qword ptr [rax+8],r11 CUSTOMER_CRASH_COUNT: 1 DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT PROCESS_NAME: svchost.exe TRAP_FRAME: fffff880079514a0 -- (.trap 0xfffff880079514a0) NOTE: The trap frame does not contain all registers. Some register values may be zeroed or incorrect. rax=0000000000000a5d rbx=0000000000000000 rcx=fffff80002c5b4a0 rdx=fffffa800d0da4f0 rsi=0000000000000000 rdi=0000000000000000 rip=fffff80002c00a9b rsp=fffff88007951630 rbp=0000000000000000 r8=fffffa800a2b6a70 r9=fffffa800d0da4b0 r10=0000000000000001 r11=fffffa800d0da4c0 r12=0000000000000000 r13=0000000000000000 r14=0000000000000000 r15=0000000000000000 iopl=0 nv up ei pl nz na pe nc nt!ExDeferredFreePool+0x1df: fffff800`02c00a9b 4c395808 cmp qword ptr [rax+8],r11 ds:00000000`00000a65=???????????????? Resetting default scope LAST_CONTROL_TRANSFER: from fffff80002ad01e9 to fffff80002ad0c40 STACK_TEXT: fffff880`07951358 fffff800`02ad01e9 : 00000000`0000000a 00000000`00000a65 00000000`00000002 00000000`00000000 : nt!KeBugCheckEx fffff880`07951360 fffff800`02acee60 : fffff6fb`7ea003d0 fffff800`02bfc514 fffff880`07951b60 00000000`00000000 : nt!KiBugCheckDispatch+0x69 fffff880`079514a0 fffff800`02c00a9b : 00000000`00000000 fffff800`02c5b348 fffff6fb`7ea00302 00000000`00000040 : nt!KiPageFault+0x260 fffff880`07951630 fffff800`02c001a1 : fffffa80`0c30fcb0 fffffa80`09d673c0 00000000`00000000 00000000`000007ff : nt!ExDeferredFreePool+0x1df fffff880`079516c0 fffff880`01615603 : 00000000`00000000 00000000`000000fb fffffa80`46706657 00000000`000000fb : nt!ExFreePoolWithTag+0x411 fffff880`07951770 fffff880`01615a65 : fffffa80`09d673d0 fffffa80`09d673d0 00000000`000000ff fffffa80`09d67ad0 : NETIO!HandleFilterFree+0x53 fffff880`079517a0 fffff880`01615b88 : fffffa80`09b44010 fffffa80`0ec36bb0 00000000`000000fb fffffa80`0c52b480 : NETIO!DeleteFilterFromIndex+0x165 fffff880`07951820 fffff880`01616454 : fffffa80`09000004 fffffa80`09e6ec00 fffffa80`09b44048 00000000`00000000 : NETIO!KfdCommitTransaction+0xe1 fffff880`07951860 fffff880`018e8fcb : fffffa80`09b44010 fffffa80`09e6ec00 fffffa80`0d69c990 00000000`00000001 : NETIO!IoctlKfdCommitTransaction+0x54 fffff880`07951890 fffff800`02deba97 : fffffa80`0d69c990 fffff880`07951b60 fffffa80`0d69c990 fffffa80`09b44010 : tcpip!KfdDispatchDevCtl+0x6b fffff880`079518d0 fffff800`02dec2f6 : fffff680`000103f8 00000000`00000000 00000000`00000000 00000000`00000000 : nt!IopXxxControlFile+0x607 fffff880`07951a00 fffff800`02acfed3 : ffffffff`ffffffff 0000007f`ffffffff 00000000`00000000 00000980`00000000 : nt!NtDeviceIoControlFile+0x56 fffff880`07951a70 00000000`7709138a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 00000000`025af5e8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x7709138a STACK_COMMAND: kb FOLLOWUP_IP: nt!ExDeferredFreePool+1df fffff800`02c00a9b 4c395808 cmp qword ptr [rax+8],r11 SYMBOL_STACK_INDEX: 3 SYMBOL_NAME: nt!ExDeferredFreePool+1df FOLLOWUP_NAME: Pool_corruption IMAGE_NAME: Pool_Corruption DEBUG_FLR_IMAGE_TIMESTAMP: 0 MODULE_NAME: Pool_Corruption FAILURE_BUCKET_ID: X64_0xC5_2_nt!ExDeferredFreePool+1df BUCKET_ID: X64_0xC5_2_nt!ExDeferredFreePool+1df Followup: Pool_corruption ---------
    2. Loading Dump File [C:\Users\Mike\Downloads\BSODDmpFiles\kingbear\First 5\CLIFTYFALLS-PC-BSOD\Windows_NT6_BSOD_jcgriff2\010612-12183-01.dmp] Mini Kernel Dump File: Only registers and stack trace are available Symbol search path is: SRV*c:\users\mike\documents\symbols*http://msdl.microsoft.com/download/symbols Executable search path is: Windows 7 Kernel Version 7601 (Service Pack 1) MP (8 procs) Free x64 Product: WinNt, suite: TerminalServer SingleUserTS Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506 Machine Name: Kernel base = 0xfffff800`02c00000 PsLoadedModuleList = 0xfffff800`02e45670 Debug session time: Fri Jan 6 10:32:13.431 2012 (UTC - 7:00) System Uptime: 0 days 15:24:00.258 Loading Kernel Symbols ............................................................... ................................................................ ............................. Loading User Symbols Loading unloaded module list .... ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* Use !analyze -v to get detailed debugging information. BugCheck F4, {3, fffffa800f06eb30, fffffa800f06ee10, fffff80002f808b0} Probably caused by : csrss.exe Followup: MachineOwner --------- 2: kd> !analyze -v ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* CRITICAL_OBJECT_TERMINATION (f4) A process or thread crucial to system operation has unexpectedly exited or been terminated. Several processes and threads are necessary for the operation of the system; when they are terminated (for any reason), the system can no longer function. Arguments: Arg1: 0000000000000003, Process Arg2: fffffa800f06eb30, Terminating object Arg3: fffffa800f06ee10, Process image file name Arg4: fffff80002f808b0, Explanatory message (ascii) Debugging Details: ------------------ PROCESS_OBJECT: fffffa800f06eb30 IMAGE_NAME: csrss.exe DEBUG_FLR_IMAGE_TIMESTAMP: 0 MODULE_NAME: csrss FAULTING_MODULE: 0000000000000000 PROCESS_NAME: csrss.exe EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s. BUGCHECK_STR: 0xF4_C0000005 CUSTOMER_CRASH_COUNT: 1 DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT CURRENT_IRQL: 0 STACK_TEXT: fffff880`0955ee38 fffff800`030075e2 : 00000000`000000f4 00000000`00000003 fffffa80`0f06eb30 fffffa80`0f06ee10 : nt!KeBugCheckEx fffff880`0955ee40 fffff800`02fb499b : ffffffff`ffffffff fffffa80`10107060 fffffa80`0f06eb30 fffffa80`0f06eb30 : nt!PspCatchCriticalBreak+0x92 fffff880`0955ee80 fffff800`02f34448 : ffffffff`ffffffff 00000000`00000001 fffffa80`0f06eb30 00000000`00000008 : nt! ?? ::NNGAKEGL::`string'+0x176d6 fffff880`0955eed0 fffff800`02c7bed3 : fffffa80`0f06eb30 fffff800`c0000005 fffffa80`10107060 00000000`02d60540 : nt!NtTerminateProcess+0xf4 fffff880`0955ef50 fffff800`02c78470 : fffff800`02cc867f fffff880`0955fa38 fffff880`0955f790 fffff880`0955fae0 : nt!KiSystemServiceCopyEnd+0x13 fffff880`0955f0e8 fffff800`02cc867f : fffff880`0955fa38 fffff880`0955f790 fffff880`0955fae0 00000000`02d62050 : nt!KiServiceLinkage fffff880`0955f0f0 fffff800`02c7c2c2 : fffff880`0955fa38 00000000`00095fd0 fffff880`0955fae0 00000000`02d61b28 : nt! ?? ::FNODOBFM::`string'+0x49874 fffff880`0955f900 fffff800`02c7ae3a : 00000000`00000001 00000000`02d60c58 00000000`00000001 00000000`00095fd0 : nt!KiExceptionDispatch+0xc2 fffff880`0955fae0 00000000`77458e3d : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiPageFault+0x23a 00000000`02d60c60 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x77458e3d STACK_COMMAND: kb FOLLOWUP_NAME: MachineOwner FAILURE_BUCKET_ID: X64_0xF4_C0000005_IMAGE_csrss.exe BUCKET_ID: X64_0xF4_C0000005_IMAGE_csrss.exe Followup: MachineOwner ---------
    Drivers that may need updating:
    Code:
    lmimirr	fffff880`05b8d000	fffff880`05b94000	Tue Apr 10 16:32:45 2007 (461c108d)	0000a04c		lmimirr.sys
    RaInfo	fffff880`02e9f000	fffff880`02ea6000	Fri Jan 04 11:57:14 2008 (477e818a)	0000d903		RaInfo.sys
    PBADRV	fffff880`01b56000	fffff880`01b62000	Mon Jan 07 12:12:13 2008 (4782798d)	000085ef		PBADRV.sys
    LMIRfsDriver	fffff880`02ea6000	fffff880`02eb9000	Mon Jul 14 10:26:56 2008 (487b7e50)	0001e26d		LMIRfsDriver.sys

    COVINGTON
    Code:
    1. Loading Dump File [C:\Users\Mike\Downloads\BSODDmpFiles\kingbear\First 5\COVINGTON-PC-BSOD\Windows_NT6_BSOD_jcgriff2\112111-16863-01.dmp] Mini Kernel Dump File: Only registers and stack trace are available Symbol search path is: SRV*c:\users\mike\documents\symbols*http://msdl.microsoft.com/download/symbols Executable search path is: Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64 Product: WinNt, suite: TerminalServer SingleUserTS Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506 Machine Name: Kernel base = 0xfffff800`02c11000 PsLoadedModuleList = 0xfffff800`02e56670 Debug session time: Mon Nov 21 08:32:48.864 2011 (UTC - 7:00) System Uptime: 12 days 7:16:15.529 Loading Kernel Symbols ............................................................... ................................................................ ................................. Loading User Symbols Loading unloaded module list ..... ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* Use !analyze -v to get detailed debugging information. BugCheck 1000007E, {ffffffffc0000005, fffff80002f2d205, fffff880021fc848, fffff880021fc0a0} Probably caused by : memory_corruption ( nt!MiSegmentDelete+21 ) Followup: MachineOwner --------- 3: kd> !analyze -v ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M (1000007e) This is a very common bugcheck. Usually the exception address pinpoints the driver/function that caused the problem. Always note this address as well as the link date of the driver/image that contains this address. Some common problems are exception code 0x80000003. This means a hard coded breakpoint or assertion was hit, but this system was booted /NODEBUG. This is not supposed to happen as developers should never have hardcoded breakpoints in retail code, but ... If this happens, make sure a debugger gets connected, and the system is booted /DEBUG. This will let us see why this breakpoint is happening. Arguments: Arg1: ffffffffc0000005, The exception code that was not handled Arg2: fffff80002f2d205, The address that the exception occurred at Arg3: fffff880021fc848, Exception Record Address Arg4: fffff880021fc0a0, Context Record Address Debugging Details: ------------------ EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s. FAULTING_IP: nt!MiSegmentDelete+21 fffff800`02f2d205 418b7d0c mov edi,dword ptr [r13+0Ch] EXCEPTION_RECORD: fffff880021fc848 -- (.exr 0xfffff880021fc848) ExceptionAddress: fffff80002f2d205 (nt!MiSegmentDelete+0x0000000000000021) ExceptionCode: c0000005 (Access violation) ExceptionFlags: 00000000 NumberParameters: 2 Parameter[0]: 0000000000000000 Parameter[1]: ffffffffffffffff Attempt to read from address ffffffffffffffff CONTEXT: fffff880021fc0a0 -- (.cxr 0xfffff880021fc0a0) rax=0000000000000000 rbx=00000000000840a1 rcx=fffffa800d4ab4c0 rdx=0000000080000000 rsi=fffffa800d4ab4c0 rdi=fffffa800d4ab4c0 rip=fffff80002f2d205 rsp=fffff880021fca80 rbp=0000000000000001 r8=0000000000000000 r9=fffff880033f3180 r10=0000000000000000 r11=0000000000000000 r12=0000000000000000 r13=a516b0d111111111 r14=0000000000000000 r15=0000000000000000 iopl=0 nv up ei ng nz na pe nc cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010282 nt!MiSegmentDelete+0x21: fffff800`02f2d205 418b7d0c mov edi,dword ptr [r13+0Ch] ds:002b:a516b0d1`1111111d=???????? Resetting default scope CUSTOMER_CRASH_COUNT: 1 DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT PROCESS_NAME: System CURRENT_IRQL: 0 ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s. EXCEPTION_PARAMETER1: 0000000000000000 EXCEPTION_PARAMETER2: ffffffffffffffff READ_ADDRESS: GetPointerFromAddress: unable to read from fffff80002ec0100 ffffffffffffffff FOLLOWUP_IP: nt!MiSegmentDelete+21 fffff800`02f2d205 418b7d0c mov edi,dword ptr [r13+0Ch] BUGCHECK_STR: 0x7E LAST_CONTROL_TRANSFER: from fffff80002cdb18d to fffff80002f2d205 STACK_TEXT: fffff880`021fca80 fffff800`02cdb18d : fffffa80`0d4ab4c8 00000000`00000001 00000000`00000000 00000000`00000631 : nt!MiSegmentDelete+0x21 fffff880`021fcac0 fffff800`02cdb051 : 00000000`00000000 00000000`00000080 fffffa80`099dc040 fffffa80`00000012 : nt!MiProcessDereferenceList+0x131 fffff880`021fcb80 fffff800`02f28fee : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!MiDereferenceSegmentThread+0x10d fffff880`021fcc00 fffff800`02c7f5e6 : fffff880`03381180 fffffa80`09a73040 fffff880`0338bfc0 00000000`00000000 : nt!PspSystemThreadStartup+0x5a fffff880`021fcc40 00000000`00000000 : fffff880`021fd000 fffff880`021f7000 fffff880`021fc6b0 00000000`00000000 : nt!KxStartSystemThread+0x16 SYMBOL_STACK_INDEX: 0 SYMBOL_NAME: nt!MiSegmentDelete+21 FOLLOWUP_NAME: MachineOwner MODULE_NAME: nt DEBUG_FLR_IMAGE_TIMESTAMP: 4e02aaa3 STACK_COMMAND: .cxr 0xfffff880021fc0a0 ; kb IMAGE_NAME: memory_corruption FAILURE_BUCKET_ID: X64_0x7E_nt!MiSegmentDelete+21 BUCKET_ID: X64_0x7E_nt!MiSegmentDelete+21 Followup: MachineOwner ---------
    2. Loading Dump File [C:\Users\Mike\Downloads\BSODDmpFiles\kingbear\First 5\COVINGTON-PC-BSOD\Windows_NT6_BSOD_jcgriff2\122911-16442-01.dmp] Mini Kernel Dump File: Only registers and stack trace are available Symbol search path is: SRV*c:\users\mike\documents\symbols*http://msdl.microsoft.com/download/symbols Executable search path is: Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64 Product: WinNt, suite: TerminalServer SingleUserTS Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506 Machine Name: Kernel base = 0xfffff800`02c03000 PsLoadedModuleList = 0xfffff800`02e48670 Debug session time: Thu Dec 29 09:57:54.612 2011 (UTC - 7:00) System Uptime: 0 days 14:33:36.814 Loading Kernel Symbols ............................................................... ................................................................ ................................... Loading User Symbols Loading unloaded module list .... ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* Use !analyze -v to get detailed debugging information. BugCheck 3B, {c0000005, fffff88005c56fae, fffff8800cadaa60, 0} Probably caused by : ks.sys ( ks!FindAndReferenceCreateItem+2e ) Followup: MachineOwner --------- 0: kd> !analyze -v ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* SYSTEM_SERVICE_EXCEPTION (3b) An exception happened while executing a system service routine. Arguments: Arg1: 00000000c0000005, Exception code that caused the bugcheck Arg2: fffff88005c56fae, Address of the instruction which caused the bugcheck Arg3: fffff8800cadaa60, Address of the context record for the exception that caused the bugcheck Arg4: 0000000000000000, zero. Debugging Details: ------------------ EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s. FAULTING_IP: ks!FindAndReferenceCreateItem+2e fffff880`05c56fae 48833800 cmp qword ptr [rax],0 CONTEXT: fffff8800cadaa60 -- (.cxr 0xfffff8800cadaa60) rax=fa800f14f0d004c0 rbx=fffff8a004000000 rcx=fffff8a00fc676e2 rdx=0000000000000020 rsi=0000000000000000 rdi=0000000000000000 rip=fffff88005c56fae rsp=fffff8800cadb440 rbp=0000000000000020 r8=fffffa800d0054c0 r9=fffffa800f695c60 r10=0000000000000000 r11=fffffa800eb80a70 r12=fffffa800d0054c0 r13=fffff8a00fc676e2 r14=0000000000000000 r15=fffffa800d00b610 iopl=0 nv up ei ng nz na pe cy cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010283 ks!FindAndReferenceCreateItem+0x2e: fffff880`05c56fae 48833800 cmp qword ptr [rax],0 ds:002b:fa800f14`f0d004c0=???????????????? Resetting default scope CUSTOMER_CRASH_COUNT: 1 DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT BUGCHECK_STR: 0x3B PROCESS_NAME: audiodg.exe CURRENT_IRQL: 0 LAST_CONTROL_TRANSFER: from 0000000000000000 to fffff88005c56fae STACK_TEXT: fffff880`0cadb440 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ks!FindAndReferenceCreateItem+0x2e FOLLOWUP_IP: ks!FindAndReferenceCreateItem+2e fffff880`05c56fae 48833800 cmp qword ptr [rax],0 SYMBOL_STACK_INDEX: 0 SYMBOL_NAME: ks!FindAndReferenceCreateItem+2e FOLLOWUP_NAME: MachineOwner MODULE_NAME: ks IMAGE_NAME: ks.sys DEBUG_FLR_IMAGE_TIMESTAMP: 4ce7a3f3 STACK_COMMAND: .cxr 0xfffff8800cadaa60 ; kb FAILURE_BUCKET_ID: X64_0x3B_ks!FindAndReferenceCreateItem+2e BUCKET_ID: X64_0x3B_ks!FindAndReferenceCreateItem+2e Followup: MachineOwner ---------
    3. Loading Dump File [C:\Users\Mike\Downloads\BSODDmpFiles\kingbear\First 5\COVINGTON-PC-BSOD\Windows_NT6_BSOD_jcgriff2\010512-10982-01.dmp] Mini Kernel Dump File: Only registers and stack trace are available Symbol search path is: SRV*c:\users\mike\documents\symbols*http://msdl.microsoft.com/download/symbols Executable search path is: Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64 Product: WinNt, suite: TerminalServer SingleUserTS Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506 Machine Name: Kernel base = 0xfffff800`02c62000 PsLoadedModuleList = 0xfffff800`02ea7670 Debug session time: Thu Jan 5 19:00:41.125 2012 (UTC - 7:00) System Uptime: 7 days 9:01:28.598 Loading Kernel Symbols ............................................................... ................................................................ ............................ Loading User Symbols Loading unloaded module list ................ ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* Use !analyze -v to get detailed debugging information. BugCheck C2, {7, 109b, fdd1d1fc, fffffa800cfca4c0} Unable to load image \SystemRoot\system32\DRIVERS\MpFilter.sys, Win32 error 0n2 *** WARNING: Unable to verify timestamp for MpFilter.sys *** ERROR: Module load completed but symbols could not be loaded for MpFilter.sys GetPointerFromAddress: unable to read from fffff80002f11100 GetUlongFromAddress: unable to read from fffff80002e7fa18 Probably caused by : MpFilter.sys ( MpFilter+d84d ) Followup: MachineOwner --------- 2: kd> !analyze -v ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* BAD_POOL_CALLER (c2) The current thread is making a bad pool request. Typically this is at a bad IRQL level or double freeing the same allocation, etc. Arguments: Arg1: 0000000000000007, Attempt to free pool which was already freed Arg2: 000000000000109b, (reserved) Arg3: 00000000fdd1d1fc, Memory contents of the pool block Arg4: fffffa800cfca4c0, Address of the block of pool being deallocated Debugging Details: ------------------ GetUlongFromAddress: unable to read from fffff80002e7fa18 POOL_ADDRESS: fffffa800cfca4c0 BUGCHECK_STR: 0xc2_7 CUSTOMER_CRASH_COUNT: 1 DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT PROCESS_NAME: System CURRENT_IRQL: 0 LAST_CONTROL_TRANSFER: from fffff80002e0cbe9 to fffff80002cdec40 STACK_TEXT: fffff880`02184fa8 fffff800`02e0cbe9 : 00000000`000000c2 00000000`00000007 00000000`0000109b 00000000`fdd1d1fc : nt!KeBugCheckEx fffff880`02184fb0 fffff880`03a7684d : 00000000`00000705 fffff8a0`006e43a8 fffff8a0`00312290 fffff880`011ad2c8 : nt!ExDeferredFreePool+0x1201 fffff880`02185060 00000000`00000705 : fffff8a0`006e43a8 fffff8a0`00312290 fffff880`011ad2c8 00000000`73634946 : MpFilter+0xd84d fffff880`02185068 fffff8a0`006e43a8 : fffff8a0`00312290 fffff880`011ad2c8 00000000`73634946 fffff8a0`00717d80 : 0x705 fffff880`02185070 fffff8a0`00312290 : fffff880`011ad2c8 00000000`73634946 fffff8a0`00717d80 fffffa80`0c1ddc40 : 0xfffff8a0`006e43a8 fffff880`02185078 fffff880`011ad2c8 : 00000000`73634946 fffff8a0`00717d80 fffffa80`0c1ddc40 fffff880`011b66ce : 0xfffff8a0`00312290 fffff880`02185080 fffff880`011d220d : fffff8a0`00312248 fffff880`011a8000 00000000`00000000 00000000`00000090 : fltmgr!TreeUnlinkMulti+0x148 fffff880`021850d0 fffff880`011cd311 : fffffa80`0a320800 00000000`00000130 fffff8a0`006e4140 00000000`00000000 : fltmgr! ?? ::NNGAKEGL::`string'+0x1196 fffff880`02185100 fffff880`011cd3fb : fffffa80`0a320800 fffff8a0`006e43a8 fffffa80`0a320800 fffffa80`09ab3040 : fltmgr!CleanupStreamListCtrl+0x21 fffff880`02185140 fffff800`02f9790e : 00000000`00000001 fffff800`02cbac2f 00000000`00000705 fffff880`0122ff49 : fltmgr!DeleteStreamListCtrlCallback+0x6b fffff880`02185170 fffff880`012b2bac : fffff8a0`006e4140 fffffa80`09ab3040 fffff880`02185248 00000000`00000706 : nt!FsRtlTeardownPerStreamContexts+0xe2 fffff880`021851c0 fffff880`012b7cc1 : fffffa00`01010000 00000000`00000000 00000000`00000000 00000000`00000001 : Ntfs!NtfsDeleteScb+0x108 fffff880`02185200 fffff880`0123085c : fffff8a0`006e4040 fffff8a0`006e4140 00000000`00000000 fffff880`02185372 : Ntfs!NtfsRemoveScb+0x61 fffff880`02185240 fffff880`012b564c : fffff8a0`006e4010 00000000`00000001 fffff880`02185372 fffffa80`0fb1a010 : Ntfs!NtfsPrepareFcbForRemoval+0x50 fffff880`02185270 fffff880`012370e2 : fffffa80`0fb1a010 fffffa80`0fb1a010 fffff8a0`006e4010 00000000`00000000 : Ntfs!NtfsTeardownStructures+0xdc fffff880`021852f0 fffff880`012c5193 : fffffa80`0fb1a010 00000000`00000001 fffff8a0`006e4010 00000000`00000009 : Ntfs!NtfsDecrementCloseCounts+0xa2 fffff880`02185330 fffff880`012b4357 : fffffa80`0fb1a010 fffff8a0`006e4140 fffff8a0`006e4010 fffffa80`0c44f180 : Ntfs!NtfsCommonClose+0x353 fffff880`02185400 fffff880`012a3291 : fffffa80`0c44f180 fffffa00`01000100 fffff8a0`0000fa01 00000000`00000002 : Ntfs!NtfsFspClose+0x15f fffff880`021854d0 fffff880`013789fa : fffff880`021857d0 fffffa80`0c44f180 fffff880`02185701 fffff880`01399100 : Ntfs!NtfsFlushVolume+0x75 fffff880`02185600 fffff880`0139cbc7 : fffff880`021857d0 fffffa80`0c44f180 fffffa80`0c44f180 fffffa80`0c44f180 : Ntfs!NtfsCheckpointVolumeUntilDone+0x4a fffff880`02185680 fffff880`012ef27b : fffff880`021857d0 fffffa80`0c44f180 fffffa80`0eb0fb50 fffffa80`0c44f188 : Ntfs!NtfsShutdownVolume+0xa7 fffff880`02185700 fffff880`013a4fc5 : fffff880`021857d0 00000000`00000000 fffff880`0139eae0 00000000`00000000 : Ntfs!NtfsForEachVcb+0x167 fffff880`021857a0 fffff880`011a96af : fffffa80`0a773300 fffff800`02e7f260 fffff800`02ede990 fffffa80`0eb0fb50 : Ntfs!NtfsFsdShutdown+0x145 fffff880`021859d0 fffff800`02f2942c : fffffa80`0a773990 fffff800`02e89620 00000000`00000001 00000000`00000000 : fltmgr!FltpDispatch+0x9f fffff880`02185a30 fffff800`02f295c2 : 00000000`00000001 00000000`00000001 fffff800`02e7f260 00000000`00000000 : nt!IopShutdownBaseFileSystems+0xac fffff880`02185ab0 fffff800`02f2a286 : fffff800`02f2a0a0 fffff800`02e7f260 00000000`00000001 00000000`00000001 : nt!IoShutdownSystem+0x122 fffff880`02185b30 fffff800`02ce9001 : fffff800`02f2a0a0 fffff800`02fd5901 fffffa80`09ab3000 00000000`00000004 : nt!PopGracefulShutdown+0x1e6 fffff880`02185b70 fffff800`02f79fee : 00000000`00000000 fffffa80`09ab3040 00000000`00000080 fffffa80`099eb040 : nt!ExpWorkerThread+0x111 fffff880`02185c00 fffff800`02cd05e6 : fffff880`03381180 fffffa80`09ab3040 fffff880`0338bfc0 00000000`00000000 : nt!PspSystemThreadStartup+0x5a fffff880`02185c40 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KxStartSystemThread+0x16 STACK_COMMAND: kb FOLLOWUP_IP: MpFilter+d84d fffff880`03a7684d ?? ??? SYMBOL_STACK_INDEX: 2 SYMBOL_NAME: MpFilter+d84d FOLLOWUP_NAME: MachineOwner MODULE_NAME: MpFilter IMAGE_NAME: MpFilter.sys DEBUG_FLR_IMAGE_TIMESTAMP: 4d9cc801 FAILURE_BUCKET_ID: X64_0xc2_7_MpFilter+d84d BUCKET_ID: X64_0xc2_7_MpFilter+d84d Followup: MachineOwner ---------
    Drivers that may need updating:
    Code:
    lmimirr	fffff880`05b08000	fffff880`05b0f000	Tue Apr 10 16:32:45 2007 (461c108d)	0000a04c		lmimirr.sys
    RaInfo	fffff880`05872000	fffff880`05879000	Fri Jan 04 11:57:14 2008 (477e818a)	0000d903		RaInfo.sys
    PBADRV	fffff880`01b04000	fffff880`01b10000	Mon Jan 07 12:12:13 2008 (4782798d)	000085ef		PBADRV.sys
    LMIRfsDriver	fffff880`05879000	fffff880`0588c000	Mon Jul 14 10:26:56 2008 (487b7e50)	0001e26d		LMIRfsDriver.sys
    DILLSBORO
    Code:
    1. Loading Dump File [C:\Users\Mike\Downloads\BSODDmpFiles\kingbear\First 5\DILLSBORO-PC-BSOD\Windows_NT6_BSOD_jcgriff2\110211-23197-01.dmp] Mini Kernel Dump File: Only registers and stack trace are available Symbol search path is: SRV*c:\users\mike\documents\symbols*http://msdl.microsoft.com/download/symbols Executable search path is: Windows 7 Kernel Version 7601 (Service Pack 1) MP (8 procs) Free x64 Product: WinNt, suite: TerminalServer SingleUserTS Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506 Machine Name: Kernel base = 0xfffff800`02c56000 PsLoadedModuleList = 0xfffff800`02e9b670 Debug session time: Wed Nov 2 07:15:53.720 2011 (UTC - 7:00) System Uptime: 7 days 9:56:21.776 Loading Kernel Symbols ............................................................... ................................................................ ................................. Loading User Symbols Loading unloaded module list ............ ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* Use !analyze -v to get detailed debugging information. BugCheck 1000007E, {ffffffffc0000005, fffff88005c5b439, fffff880035623f8, fffff88003561c50} Probably caused by : USBPORT.SYS ( USBPORT!USBPORT_StopDevice+48d ) Followup: MachineOwner --------- 4: kd> !analyze -v ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M (1000007e) This is a very common bugcheck. Usually the exception address pinpoints the driver/function that caused the problem. Always note this address as well as the link date of the driver/image that contains this address. Some common problems are exception code 0x80000003. This means a hard coded breakpoint or assertion was hit, but this system was booted /NODEBUG. This is not supposed to happen as developers should never have hardcoded breakpoints in retail code, but ... If this happens, make sure a debugger gets connected, and the system is booted /DEBUG. This will let us see why this breakpoint is happening. Arguments: Arg1: ffffffffc0000005, The exception code that was not handled Arg2: fffff88005c5b439, The address that the exception occurred at Arg3: fffff880035623f8, Exception Record Address Arg4: fffff88003561c50, Context Record Address Debugging Details: ------------------ OVERLAPPED_MODULE: Address regions for 'usbhub' and 'usbhub.sys' overlap EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s. FAULTING_IP: USBPORT!USBPORT_StopDevice+48d fffff880`05c5b439 ff5008 call qword ptr [rax+8] EXCEPTION_RECORD: fffff880035623f8 -- (.exr 0xfffff880035623f8) ExceptionAddress: fffff88005c5b439 (USBPORT!USBPORT_StopDevice+0x000000000000048d) ExceptionCode: c0000005 (Access violation) ExceptionFlags: 00000000 NumberParameters: 2 Parameter[0]: 0000000000000000 Parameter[1]: 0000000000000008 Attempt to read from address 0000000000000008 CONTEXT: fffff88003561c50 -- (.cxr 0xfffff88003561c50) rax=0000000000000000 rbx=fffffa800e3a61a0 rcx=0000000000080001 rdx=0000000000000000 rsi=fffffa800e3a6050 rdi=fffffa800e3a61a0 rip=fffff88005c5b439 rsp=fffff88003562630 rbp=fffffa800e3a7168 r8=000000004f444648 r9=0000000000000000 r10=0000000000000000 r11=fffff880009cf180 r12=000000004f444648 r13=0000000000000000 r14=0000000000000000 r15=00000000ffffffff iopl=0 nv up ei pl nz na pe nc cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010202 USBPORT!USBPORT_StopDevice+0x48d: fffff880`05c5b439 ff5008 call qword ptr [rax+8] ds:002b:00000000`00000008=???????????????? Resetting default scope CUSTOMER_CRASH_COUNT: 1 PROCESS_NAME: System CURRENT_IRQL: 0 ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s. EXCEPTION_PARAMETER1: 0000000000000000 EXCEPTION_PARAMETER2: 0000000000000008 READ_ADDRESS: GetPointerFromAddress: unable to read from fffff80002f05100 0000000000000008 FOLLOWUP_IP: USBPORT!USBPORT_StopDevice+48d fffff880`05c5b439 ff5008 call qword ptr [rax+8] BUGCHECK_STR: 0x7E DEFAULT_BUCKET_ID: NULL_CLASS_PTR_DEREFERENCE LAST_CONTROL_TRANSFER: from fffff88005c70cbd to fffff88005c5b439 STACK_TEXT: fffff880`03562630 fffff880`05c70cbd : fffffa80`0e38b1a0 fffffa80`2346a010 fffffa80`0e3a61a0 fffffa80`0e3a6050 : USBPORT!USBPORT_StopDevice+0x48d fffff880`035626a0 fffff880`05c5c8f5 : fffffa80`0e4604d0 fffff8a0`0c013760 fffffa80`0e3a6050 fffffa80`0e4604d0 : USBPORT!USBPORT_FdoPnP+0x3a9 fffff880`03562750 fffff800`02f3daf9 : fffff8a0`0c013760 00000000`c00000bb fffff880`03562838 fffffa80`2346a010 : USBPORT!USBPORT_DispatchPnP+0x1d fffff880`03562780 fffff800`030bbf71 : fffffa80`0e4604d0 00000000`00000000 fffffa80`0e42e230 00000000`00000801 : nt!IopSynchronousCall+0xc5 fffff880`035627f0 fffff800`02dcf133 : fffff8a0`0d003a70 fffff8a0`0d003a70 00000000`00000015 00000000`00000000 : nt!IopRemoveDevice+0x101 fffff880`035628b0 fffff800`030bbac4 : fffffa80`0e42e230 00000000`00000000 00000000`00000002 fffffa80`0e4604d0 : nt!PnpRemoveLockedDeviceNode+0x1a3 fffff880`03562900 fffff800`030bbbd0 : 00000000`00000000 fffff8a0`0d16a801 fffff8a0`0c2f1510 ffffd35c`2222c568 : nt!PnpDeleteLockedDeviceNode+0x44 fffff880`03562930 fffff800`0314ca34 : 00000000`00000002 00000000`00000000 fffffa80`0e42e230 fffff8a0`00000000 : nt!PnpDeleteLockedDeviceNodes+0xa0 fffff880`035629a0 fffff800`0314d08c : fffff880`00000000 fffffa80`10291300 fffffa80`09a86000 fffffa80`00000000 : nt!PnpProcessQueryRemoveAndEject+0xc34 fffff880`03562ae0 fffff800`0303634e : 00000000`00000000 fffffa80`10291370 fffff8a0`03a54570 00000000`00000000 : nt!PnpProcessTargetDeviceEvent+0x4c fffff880`03562b10 fffff800`02cdd001 : fffff800`02f3c998 fffff8a0`0d16a8b0 fffff800`02e732b8 fffffa80`09a86040 : nt! ?? ::NNGAKEGL::`string'+0x5b3cb fffff880`03562b70 fffff800`02f6dfee : 00000000`00000000 fffffa80`09a86040 00000000`00000080 fffffa80`099dc040 : nt!ExpWorkerThread+0x111 fffff880`03562c00 fffff800`02cc45e6 : fffff880`02174180 fffffa80`09a86040 fffff880`0217f0c0 00000000`00000000 : nt!PspSystemThreadStartup+0x5a fffff880`03562c40 00000000`00000000 : fffff880`03563000 fffff880`0355d000 fffff880`03562220 00000000`00000000 : nt!KxStartSystemThread+0x16 SYMBOL_STACK_INDEX: 0 SYMBOL_NAME: USBPORT!USBPORT_StopDevice+48d FOLLOWUP_NAME: MachineOwner MODULE_NAME: USBPORT IMAGE_NAME: USBPORT.SYS DEBUG_FLR_IMAGE_TIMESTAMP: 4d8c0c08 STACK_COMMAND: .cxr 0xfffff88003561c50 ; kb FAILURE_BUCKET_ID: X64_0x7E_USBPORT!USBPORT_StopDevice+48d BUCKET_ID: X64_0x7E_USBPORT!USBPORT_StopDevice+48d Followup: MachineOwner ---------
    2. Loading Dump File [C:\Users\Mike\Downloads\BSODDmpFiles\kingbear\First 5\DILLSBORO-PC-BSOD\Windows_NT6_BSOD_jcgriff2\010412-13244-01.dmp] Mini Kernel Dump File: Only registers and stack trace are available Symbol search path is: SRV*c:\users\mike\documents\symbols*http://msdl.microsoft.com/download/symbols Executable search path is: Windows 7 Kernel Version 7601 (Service Pack 1) MP (8 procs) Free x64 Product: WinNt, suite: TerminalServer SingleUserTS Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506 Machine Name: Kernel base = 0xfffff800`02c4c000 PsLoadedModuleList = 0xfffff800`02e91670 Debug session time: Wed Jan 4 13:22:56.176 2012 (UTC - 7:00) System Uptime: 5 days 22:57:57.004 Loading Kernel Symbols ............................................................... ................................................................ ................................ Loading User Symbols Loading unloaded module list ..... ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* Use !analyze -v to get detailed debugging information. BugCheck A, {fffffffffffffffa, 2, 0, fffff80002cd82ce} Probably caused by : ntkrnlmp.exe ( nt!IopTimerDispatch+121 ) Followup: MachineOwner --------- 0: kd> !analyze -v ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* IRQL_NOT_LESS_OR_EQUAL (a) An attempt was made to access a pageable (or completely invalid) address at an interrupt request level (IRQL) that is too high. This is usually caused by drivers using improper addresses. If a kernel debugger is available get the stack backtrace. Arguments: Arg1: fffffffffffffffa, memory referenced Arg2: 0000000000000002, IRQL Arg3: 0000000000000000, bitfield : bit 0 : value 0 = read operation, 1 = write operation bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status) Arg4: fffff80002cd82ce, address which referenced memory Debugging Details: ------------------ READ_ADDRESS: GetPointerFromAddress: unable to read from fffff80002efb100 fffffffffffffffa CURRENT_IRQL: 2 FAULTING_IP: nt!IopTimerDispatch+121 fffff800`02cd82ce 66395ffa cmp word ptr [rdi-6],bx CUSTOMER_CRASH_COUNT: 1 DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT BUGCHECK_STR: 0xA PROCESS_NAME: System TRAP_FRAME: fffff80000b9c190 -- (.trap 0xfffff80000b9c190) NOTE: The trap frame does not contain all registers. Some register values may be zeroed or incorrect. rax=0000000000000002 rbx=0000000000000000 rcx=fffffa800d07ef00 rdx=fffffa800d07ed02 rsi=0000000000000000 rdi=0000000000000000 rip=fffff80002cd82ce rsp=fffff80000b9c320 rbp=0000000000000000 r8=000000004f444600 r9=0000000000000000 r10=bff807ffc2ec9f64 r11=0000000000000002 r12=0000000000000000 r13=0000000000000000 r14=0000000000000000 r15=0000000000000000 iopl=0 nv up ei pl nz na pe nc nt!IopTimerDispatch+0x121: fffff800`02cd82ce 66395ffa cmp word ptr [rdi-6],bx ds:0001:ffffffff`fffffffa=???? Resetting default scope LAST_CONTROL_TRANSFER: from fffff80002cc81e9 to fffff80002cc8c40 STACK_TEXT: fffff800`00b9c048 fffff800`02cc81e9 : 00000000`0000000a ffffffff`fffffffa 00000000`00000002 00000000`00000000 : nt!KeBugCheckEx fffff800`00b9c050 fffff800`02cc6e60 : 00000000`00000000 00000000`00000008 fffffa80`0cf4c8d0 00000000`00000000 : nt!KiBugCheckDispatch+0x69 fffff800`00b9c190 fffff800`02cd82ce : 00000000`00000000 00000000`00000000 00000000`00000001 fffffa80`0d04b4c8 : nt!KiPageFault+0x260 fffff800`00b9c320 fffff800`02cd45fc : 00000000`00000002 fffff800`00b9c4c0 00000000`00000006 00000000`00000000 : nt!IopTimerDispatch+0x121 fffff800`00b9c430 fffff800`02cd4496 : fffffa80`11535010 fffffa80`11535010 00000000`00000000 00000000`00000000 : nt!KiProcessTimerDpcTable+0x6c fffff800`00b9c4a0 fffff800`02cd437e : 000004ae`536682b0 fffff800`00b9cb18 00000000`01f76aa0 fffff800`02e42688 : nt!KiProcessExpiredTimerList+0xc6 fffff800`00b9caf0 fffff800`02cd4167 : 0000018c`fae9aee0 0000018c`01f76aa0 0000018c`fae9ae76 00000000`000000a0 : nt!KiTimerExpiration+0x1be fffff800`00b9cb90 fffff800`02cc096a : fffff800`02e3ee80 fffff800`02e4ccc0 00000000`00000002 fffff880`00000000 : nt!KiRetireDpcList+0x277 fffff800`00b9cc40 00000000`00000000 : fffff800`00b9d000 fffff800`00b97000 fffff800`00b9cc00 00000000`00000000 : nt!KiIdleLoop+0x5a STACK_COMMAND: kb FOLLOWUP_IP: nt!IopTimerDispatch+121 fffff800`02cd82ce 66395ffa cmp word ptr [rdi-6],bx SYMBOL_STACK_INDEX: 3 SYMBOL_NAME: nt!IopTimerDispatch+121 FOLLOWUP_NAME: MachineOwner MODULE_NAME: nt IMAGE_NAME: ntkrnlmp.exe DEBUG_FLR_IMAGE_TIMESTAMP: 4e02aaa3 FAILURE_BUCKET_ID: X64_0xA_nt!IopTimerDispatch+121 BUCKET_ID: X64_0xA_nt!IopTimerDispatch+121 Followup: MachineOwner ---------
    3. Loading Dump File [C:\Users\Mike\Downloads\BSODDmpFiles\kingbear\First 5\DILLSBORO-PC-BSOD\Windows_NT6_BSOD_jcgriff2\010512-15522-01.dmp] Mini Kernel Dump File: Only registers and stack trace are available Symbol search path is: SRV*c:\users\mike\documents\symbols*http://msdl.microsoft.com/download/symbols Executable search path is: Windows 7 Kernel Version 7601 (Service Pack 1) MP (8 procs) Free x64 Product: WinNt, suite: TerminalServer SingleUserTS Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506 Machine Name: Kernel base = 0xfffff800`02c0c000 PsLoadedModuleList = 0xfffff800`02e51670 Debug session time: Thu Jan 5 14:03:23.861 2012 (UTC - 7:00) System Uptime: 1 days 0:39:13.562 Loading Kernel Symbols ............................................................... ................................................................ ................................. Loading User Symbols Loading unloaded module list .... ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* Use !analyze -v to get detailed debugging information. BugCheck 3B, {c0000005, fffff80002c47f80, fffff8800842eb40, 0} Probably caused by : ntkrnlmp.exe ( nt!WmipDoFindRegEntryByProviderId+10 ) Followup: MachineOwner --------- 2: kd> !analyze -v ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* SYSTEM_SERVICE_EXCEPTION (3b) An exception happened while executing a system service routine. Arguments: Arg1: 00000000c0000005, Exception code that caused the bugcheck Arg2: fffff80002c47f80, Address of the instruction which caused the bugcheck Arg3: fffff8800842eb40, Address of the context record for the exception that caused the bugcheck Arg4: 0000000000000000, zero. Debugging Details: ------------------ EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s. FAULTING_IP: nt!WmipDoFindRegEntryByProviderId+10 fffff800`02c47f80 394830 cmp dword ptr [rax+30h],ecx CONTEXT: fffff8800842eb40 -- (.cxr 0xfffff8800842eb40) rax=3333333333333360 rbx=000000000000003b rcx=000000000000003b rdx=fffff80002dfa460 rsi=0000000000000000 rdi=fffff8800842f6d0 rip=fffff80002c47f80 rsp=fffff8800842f528 rbp=fffffa800f02e960 r8=fffff78000000008 r9=0000000000000000 r10=0000000000000000 r11=fffff88003181180 r12=0000000000000001 r13=0000000000000001 r14=fffff8a00ee1f380 r15=fffff8800842f6e8 iopl=0 nv up ei pl nz na po cy cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010207 nt!WmipDoFindRegEntryByProviderId+0x10: fffff800`02c47f80 394830 cmp dword ptr [rax+30h],ecx ds:002b:33333333`33333390=???????? Resetting default scope CUSTOMER_CRASH_COUNT: 1 DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT BUGCHECK_STR: 0x3B PROCESS_NAME: WmiPrvSE.exe CURRENT_IRQL: 0 LAST_CONTROL_TRANSFER: from 0000000000000000 to fffff80002c47f80 STACK_TEXT: fffff880`0842f528 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!WmipDoFindRegEntryByProviderId+0x10 FOLLOWUP_IP: nt!WmipDoFindRegEntryByProviderId+10 fffff800`02c47f80 394830 cmp dword ptr [rax+30h],ecx SYMBOL_STACK_INDEX: 0 SYMBOL_NAME: nt!WmipDoFindRegEntryByProviderId+10 FOLLOWUP_NAME: MachineOwner MODULE_NAME: nt IMAGE_NAME: ntkrnlmp.exe DEBUG_FLR_IMAGE_TIMESTAMP: 4e02aaa3 STACK_COMMAND: .cxr 0xfffff8800842eb40 ; kb FAILURE_BUCKET_ID: X64_0x3B_nt!WmipDoFindRegEntryByProviderId+10 BUCKET_ID: X64_0x3B_nt!WmipDoFindRegEntryByProviderId+10 Followup: MachineOwner ---------
    4. Loading Dump File [C:\Users\Mike\Downloads\BSODDmpFiles\kingbear\First 5\DILLSBORO-PC-BSOD\Windows_NT6_BSOD_jcgriff2\010812-10810-01.dmp] Mini Kernel Dump File: Only registers and stack trace are available Symbol search path is: SRV*c:\users\mike\documents\symbols*http://msdl.microsoft.com/download/symbols Executable search path is: Windows 7 Kernel Version 7601 (Service Pack 1) MP (8 procs) Free x64 Product: WinNt, suite: TerminalServer SingleUserTS Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506 Machine Name: Kernel base = 0xfffff800`02c14000 PsLoadedModuleList = 0xfffff800`02e59670 Debug session time: Sun Jan 8 15:07:40.515 2012 (UTC - 7:00) System Uptime: 2 days 20:02:46.551 Loading Kernel Symbols ............................................................... ................................................................ ....................... Loading User Symbols Loading unloaded module list ....... ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* Use !analyze -v to get detailed debugging information. BugCheck E4, {1, fffffa800d0404c0, 1, 0} Probably caused by : usbhub.sys ( usbhub!UsbhHubQueueProcessChangeWorker+77 ) Followup: MachineOwner --------- 0: kd> !analyze -v ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* WORKER_INVALID (e4) A executive worker item was found in memory which must not contain such items or a work item was queued that is currently active in the system. Usually this is memory being freed. This is usually caused by a device driver that has not cleaned up properly before freeing memory. Arguments: Arg1: 0000000000000001, Queuing of active worker item Arg2: fffffa800d0404c0, Address of worker item Arg3: 0000000000000001, Queue number Arg4: 0000000000000000, 0 Debugging Details: ------------------ CUSTOMER_CRASH_COUNT: 1 DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT BUGCHECK_STR: 0xE4 PROCESS_NAME: System CURRENT_IRQL: 2 LAST_CONTROL_TRANSFER: from fffff80002c4c59a to fffff80002c90c40 STACK_TEXT: fffff880`0330d328 fffff800`02c4c59a : 00000000`000000e4 00000000`00000001 fffffa80`0d0404c0 00000000`00000001 : nt!KeBugCheckEx fffff880`0330d330 fffff880`05d2cbc7 : fffffa80`0d95fb20 fffffa80`0d95fb20 fffffa80`0d178000 00000000`00000002 : nt! ?? ::FNODOBFM::`string'+0x104aa fffff880`0330d370 fffff880`05d27362 : fffffa80`0d95fb20 fffffa80`0d178050 fffffa80`0d178050 fffffa80`63654448 : usbhub!UsbhHubQueueProcessChangeWorker+0x77 fffff880`0330d3b0 fffff880`05d25bef : 00000000`00000000 fffffa80`50447100 fffffa80`0d95fb20 fffff880`00100000 : usbhub!Usbh_PCE_Enable_Action+0x212 fffff880`0330d400 fffff880`05d2a900 : fffffa80`0d178050 00000000`00000001 fffffa80`0d178918 00000000`00000002 : usbhub!UsbhDispatch_PortChangeQueueEventEx+0x123 fffff880`0330d440 fffff880`05d22feb : 00000000`00000002 fffffa80`0d178918 00000000`00000000 fffff800`00000000 : usbhub!UsbhPCE_Enable+0xb0 fffff880`0330d490 fffff880`05d22850 : 00000000`00000003 fffffa80`0d1781a0 fffffa80`0d178050 00000000`00000008 : usbhub!UsbhBusResume_Action+0x8f fffff880`0330d4d0 fffff880`05d22ea3 : fffffa80`0d1781a0 00000000`00000008 fffffa80`0d178050 00000000`00000000 : usbhub!UsbhReleaseBusStateLock+0x50 fffff880`0330d500 fffff880`05d239a6 : fffffa80`0d178918 fffffa80`0d1781a0 fffffa80`0d178050 fffffa80`09fc6538 : usbhub!UsbhDispatch_BusEvent+0x1fb fffff880`0330d550 fffff880`05d54a75 : 00000000`00000000 fffff880`6e447352 00000000`00000000 fffffa80`0d173000 : usbhub!UsbhSyncBusResume+0x42 fffff880`0330d590 fffff880`05d53a9e : 00000000`00000000 fffffa80`0d1781a0 fffffa80`0d1781a0 fffffa80`0d178050 : usbhub!UsbhSshResumeDownstream+0x59 fffff880`0330d610 fffff880`05d53473 : 00000000`00000008 00000000`00000001 fffffa80`0d178050 00000000`00000000 : usbhub!Usbh_SSH_HubPendingResume+0xb6 fffff880`0330d650 fffff880`05d1c0ad : fffffa80`09fc6390 fffffa80`0cc43050 fffffa80`0d173050 fffffa80`0d178050 : usbhub!Usbh_SSH_Event+0x10b fffff880`0330d680 fffff880`05d1bfdf : fffffa80`09fc6390 fffffa80`0d173050 00000000`00000778 fffffa80`0d1731a0 : usbhub!UsbhFdoInternalDeviceControl+0x75 fffff880`0330d6c0 fffff880`05a87459 : fffffa80`0cf3edf0 fffffa80`0d178050 00000000`00000000 fffffa80`0d173050 : usbhub!UsbhGenDispatch+0x7f fffff880`0330d6f0 fffff880`05a87363 : fffffa80`0cf3edf0 fffffa80`0cc43050 fffffa80`0cc431a0 00000000`00000000 : USBPORT!USBPORT_SendSynchronousUsbIoctlRequest+0xd1 fffff880`0330d780 fffff880`05d54949 : 00000000`00000000 fffffa80`0d1781a0 fffffa80`0d178918 fffffa80`0d178050 : USBPORT!USBPORTBUSIF_ResumeRootHub+0x19f fffff880`0330d7d0 fffff880`05d53993 : 00000000`00000000 00000000`00000001 fffff800`00000003 fffffa80`0d178050 : usbhub!UsbhSshResumeUpstream+0x79 fffff880`0330d830 fffff880`05d53482 : 00000000`00000006 fffffa80`0d178050 fffff880`0330d868 00000000`00000030 : usbhub!Usbh_SSH_HubSuspended+0xd3 fffff880`0330d860 fffff880`05d46f79 : fffffa80`0d178050 fffffa80`0db2e1a0 fffffa80`0d97d060 fffffa80`0d97d1b0 : usbhub!Usbh_SSH_Event+0x11a fffff880`0330d890 fffff880`05d54949 : 00000000`00000000 fffffa80`0db2e1a0 fffffa80`0db2e708 fffffa80`0db2e050 : usbhub!UsbhBusIf_ResumeChildHub+0x65 fffff880`0330d8d0 fffff880`05d53993 : 00000000`00000000 00000000`00000001 fffff800`00000003 fffffa80`0db2e050 : usbhub!UsbhSshResumeUpstream+0x79 fffff880`0330d930 fffff880`05d53482 : 00000000`00000006 fffffa80`0db2e050 fffffa80`0db2e050 fffffa80`0db2e050 : usbhub!Usbh_SSH_HubSuspended+0xd3 fffff880`0330d960 fffff880`05d5320e : fffffa80`0e493c60 fffffa80`0db2e050 fffffa80`0db2e050 fffffa80`0e493c88 : usbhub!Usbh_SSH_Event+0x11a fffff880`0330d990 fffff880`05d35cd8 : fffffa80`0db2e1a0 00000000`00000006 fffffa80`0db2e050 00000000`000007ff : usbhub!UsbhIncHubBusy+0x116 fffff880`0330d9f0 fffff880`05d367f9 : fffffa80`0db2e708 00000000`00000006 fffffa80`0ff0f2b0 fffffa80`0db2e050 : usbhub!UsbhFdoSetPowerSx_Action+0x9c fffff880`0330da40 fffff880`05d35789 : fffffa80`0ff0f530 fffffa80`0db2e1a0 fffffa80`0db2e050 fffffa80`0e976050 : usbhub!UsbhFdoSystemPowerState+0x435 fffff880`0330daa0 fffff880`05d34a3b : fffffa80`0ff0f2b0 00000000`00000000 fffffa80`0db2e050 fffffa80`0e98d050 : usbhub!UsbhFdoPower_SetPower+0x9d fffff880`0330dae0 fffff880`05d1bfdf : 00000000`00000001 fffffa80`0db2e050 00000000`00000000 fffffa80`0ec33c60 : usbhub!UsbhFdoPower+0xaf fffff880`0330db20 fffff800`02da6f65 : 00000000`00000000 00000000`00000002 00000000`00000001 fffffa80`0ff0f358 : usbhub!UsbhGenDispatch+0x7f fffff880`0330db50 fffff800`02f2bfee : 00000000`00000000 fffffa80`09a40b60 00000000`00000080 2e876a21`48452819 : nt!PopIrpWorker+0x3c5 fffff880`0330dc00 fffff800`02c825e6 : fffff880`0330f180 fffffa80`09a40b60 fffff880`0331a0c0 00000000`00000000 : nt!PspSystemThreadStartup+0x5a fffff880`0330dc40 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KxStartSystemThread+0x16 STACK_COMMAND: kb FOLLOWUP_IP: usbhub!UsbhHubQueueProcessChangeWorker+77 fffff880`05d2cbc7 488d8b78090000 lea rcx,[rbx+978h] SYMBOL_STACK_INDEX: 2 SYMBOL_NAME: usbhub!UsbhHubQueueProcessChangeWorker+77 FOLLOWUP_NAME: MachineOwner MODULE_NAME: usbhub IMAGE_NAME: usbhub.sys DEBUG_FLR_IMAGE_TIMESTAMP: 4d8c0b08 FAILURE_BUCKET_ID: X64_0xE4_usbhub!UsbhHubQueueProcessChangeWorker+77 BUCKET_ID: X64_0xE4_usbhub!UsbhHubQueueProcessChangeWorker+77 Followup: MachineOwner ---------
    Drivers that may need updating:
    Code:
    lmimirr	fffff880`05b1c000	fffff880`05b23000	Tue Apr 10 16:32:45 2007 (461c108d)	0000a04c		lmimirr.sys
    RaInfo	fffff880`03c82000	fffff880`03c89000	Fri Jan 04 11:57:14 2008 (477e818a)	0000d903		RaInfo.sys
    PBADRV	fffff880`01b1a000	fffff880`01b26000	Mon Jan 07 12:12:13 2008 (4782798d)	000085ef		PBADRV.sys
    LMIRfsDriver	fffff880`03c89000	fffff880`03c9c000	Mon Jul 14 10:26:56 2008 (487b7e50)	0001e26d		LMIRfsDriver.sys
    DUNELAND
    Code:
    1. Loading Dump File [C:\Users\Mike\Downloads\BSODDmpFiles\kingbear\First 5\DUNELAND-PC-BSOD\Windows_NT6_BSOD_jcgriff2\111011-22869-01.dmp] Mini Kernel Dump File: Only registers and stack trace are available Symbol search path is: SRV*c:\users\mike\documents\symbols*http://msdl.microsoft.com/download/symbols Executable search path is: Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64 Product: WinNt, suite: TerminalServer SingleUserTS Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506 Machine Name: Kernel base = 0xfffff800`02c0e000 PsLoadedModuleList = 0xfffff800`02e53670 Debug session time: Thu Nov 10 02:15:35.378 2011 (UTC - 7:00) System Uptime: 2 days 21:03:13.580 Loading Kernel Symbols ............................................................... ................................................................ ........................... Loading User Symbols Loading unloaded module list ....... ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* Use !analyze -v to get detailed debugging information. BugCheck 19, {20, fffffa800d40c4c0, fffffa800d40c950, 94492492} GetPointerFromAddress: unable to read from fffff80002ebd100 GetUlongFromAddress: unable to read from fffff80002e2ba18 Probably caused by : ntkrnlmp.exe ( nt!FsRtlTeardownPerStreamContexts+e2 ) Followup: MachineOwner --------- 2: kd> !analyze -v ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* BAD_POOL_HEADER (19) The pool is already corrupt at the time of the current request. This may or may not be due to the caller. The internal pool links must be walked to figure out a possible cause of the problem, and then special pool applied to the suspect tags or the driver verifier to a suspect driver. Arguments: Arg1: 0000000000000020, a pool block header size is corrupt. Arg2: fffffa800d40c4c0, The pool entry we were looking for within the page. Arg3: fffffa800d40c950, The next pool entry. Arg4: 0000000094492492, (reserved) Debugging Details: ------------------ GetUlongFromAddress: unable to read from fffff80002e2ba18 BUGCHECK_STR: 0x19_20 POOL_ADDRESS: fffffa800d40c4c0 CUSTOMER_CRASH_COUNT: 1 DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT PROCESS_NAME: System CURRENT_IRQL: 0 LAST_CONTROL_TRANSFER: from fffff80002db8cae to fffff80002c8ac40 STACK_TEXT: fffff880`021850b8 fffff800`02db8cae : 00000000`00000019 00000000`00000020 fffffa80`0d40c4c0 fffffa80`0d40c950 : nt!KeBugCheckEx fffff880`021850c0 fffff800`02f4390e : 00000000`00000705 00003450`13ed96df fffff8a0`53924924 fffff880`01239f49 : nt!ExDeferredFreePool+0x12da fffff880`02185170 fffff880`012bcbac : fffff8a0`04f04890 fffffa80`09ab3040 fffff880`02185248 00000000`00000706 : nt!FsRtlTeardownPerStreamContexts+0xe2 fffff880`021851c0 fffff880`012c1cc1 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000001 : Ntfs!NtfsDeleteScb+0x108 fffff880`02185200 fffff880`0123a85c : fffff8a0`04f04790 fffff8a0`04f04890 00000000`00000000 00000000`000004d0 : Ntfs!NtfsRemoveScb+0x61 fffff880`02185240 fffff880`012bf64c : fffff8a0`04f04760 00000000`00000001 fffff880`02185372 fffffa80`0a318370 : Ntfs!NtfsPrepareFcbForRemoval+0x50 fffff880`02185270 fffff880`012410e2 : fffffa80`0a318370 fffffa80`0a318370 fffff8a0`04f04760 00000000`00000000 : Ntfs!NtfsTeardownStructures+0xdc fffff880`021852f0 fffff880`012cf193 : fffffa80`0a318370 00000000`00000001 fffff8a0`04f04760 00000000`00000009 : Ntfs!NtfsDecrementCloseCounts+0xa2 fffff880`02185330 fffff880`012be357 : fffffa80`0a318370 fffff8a0`04f04890 fffff8a0`04f04760 fffffa80`0cedc180 : Ntfs!NtfsCommonClose+0x353 fffff880`02185400 fffff880`012ad291 : fffffa80`0cedc180 00000000`01000100 fffff8a0`0000ea01 00000000`00000002 : Ntfs!NtfsFspClose+0x15f fffff880`021854d0 fffff880`013829fa : fffff880`021857d0 fffffa80`0cedc180 fffff880`02185701 fffff880`013a3100 : Ntfs!NtfsFlushVolume+0x75 fffff880`02185600 fffff880`013a6bc7 : fffff880`021857d0 fffffa80`0cedc180 fffffa80`0cedc180 fffffa80`0cedc180 : Ntfs!NtfsCheckpointVolumeUntilDone+0x4a fffff880`02185680 fffff880`012f927b : fffff880`021857d0 fffffa80`0cedc180 fffffa80`0e9b8010 fffffa80`0cedc188 : Ntfs!NtfsShutdownVolume+0xa7 fffff880`02185700 fffff880`013aefc5 : fffff880`021857d0 00000000`00000000 fffff880`013a8ae0 00000000`00000000 : Ntfs!NtfsForEachVcb+0x167 fffff880`021857a0 fffff880`0119f6af : fffffa80`0c0ce4b0 fffff800`02e2b260 fffff800`02e8a990 fffffa80`0e9b8010 : Ntfs!NtfsFsdShutdown+0x145 fffff880`021859d0 fffff800`02ed542c : fffffa80`0c0cebd0 fffff800`02e35620 00000000`00000001 00000000`00000000 : fltmgr!FltpDispatch+0x9f fffff880`02185a30 fffff800`02ed55c2 : 00000000`00000001 00000000`00000001 fffff800`02e2b260 00000000`00000000 : nt!IopShutdownBaseFileSystems+0xac fffff880`02185ab0 fffff800`02ed6286 : fffff800`02ed60a0 fffff800`02e2b260 00000000`00000001 00000000`00000001 : nt!IoShutdownSystem+0x122 fffff880`02185b30 fffff800`02c95001 : fffff800`02ed60a0 fffff800`02e2b201 fffff800`02e8c800 00000000`00000004 : nt!PopGracefulShutdown+0x1e6 fffff880`02185b70 fffff800`02f25fee : 00000000`00000000 fffffa80`09ab3040 00000000`00000080 fffffa80`099eb040 : nt!ExpWorkerThread+0x111 fffff880`02185c00 fffff800`02c7c5e6 : fffff880`03381180 fffffa80`09ab3040 fffff880`0338bfc0 00000000`00000000 : nt!PspSystemThreadStartup+0x5a fffff880`02185c40 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KxStartSystemThread+0x16 STACK_COMMAND: kb FOLLOWUP_IP: nt!FsRtlTeardownPerStreamContexts+e2 fffff800`02f4390e 448a5e07 mov r11b,byte ptr [rsi+7] SYMBOL_STACK_INDEX: 2 SYMBOL_NAME: nt!FsRtlTeardownPerStreamContexts+e2 FOLLOWUP_NAME: MachineOwner MODULE_NAME: nt IMAGE_NAME: ntkrnlmp.exe DEBUG_FLR_IMAGE_TIMESTAMP: 4e02aaa3 FAILURE_BUCKET_ID: X64_0x19_20_nt!FsRtlTeardownPerStreamContexts+e2 BUCKET_ID: X64_0x19_20_nt!FsRtlTeardownPerStreamContexts+e2 Followup: MachineOwner ---------
    2. Loading Dump File [C:\Users\Mike\Downloads\BSODDmpFiles\kingbear\First 5\DUNELAND-PC-BSOD\Windows_NT6_BSOD_jcgriff2\120811-10108-01.dmp] Mini Kernel Dump File: Only registers and stack trace are available Symbol search path is: SRV*c:\users\mike\documents\symbols*http://msdl.microsoft.com/download/symbols Executable search path is: Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64 Product: WinNt, suite: TerminalServer SingleUserTS Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506 Machine Name: Kernel base = 0xfffff800`02c60000 PsLoadedModuleList = 0xfffff800`02ea5670 Debug session time: Thu Dec 8 06:31:56.256 2011 (UTC - 7:00) System Uptime: 0 days 10:11:45.458 Loading Kernel Symbols ............................................................... ................................................................ ............................... Loading User Symbols Loading unloaded module list . Unable to load image \SystemRoot\system32\drivers\RTDVHD64.sys, Win32 error 0n2 *** WARNING: Unable to verify timestamp for RTDVHD64.sys *** ERROR: Module load completed but symbols could not be loaded for RTDVHD64.sys ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* Use !analyze -v to get detailed debugging information. BugCheck 1000007E, {ffffffffc0000005, fffff88005f4d8a9, fffff8800476a748, fffff88004769fa0} Probably caused by : RTDVHD64.sys ( RTDVHD64+1458a9 ) Followup: MachineOwner --------- 0: kd> !analyze -v ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M (1000007e) This is a very common bugcheck. Usually the exception address pinpoints the driver/function that caused the problem. Always note this address as well as the link date of the driver/image that contains this address. Some common problems are exception code 0x80000003. This means a hard coded breakpoint or assertion was hit, but this system was booted /NODEBUG. This is not supposed to happen as developers should never have hardcoded breakpoints in retail code, but ... If this happens, make sure a debugger gets connected, and the system is booted /DEBUG. This will let us see why this breakpoint is happening. Arguments: Arg1: ffffffffc0000005, The exception code that was not handled Arg2: fffff88005f4d8a9, The address that the exception occurred at Arg3: fffff8800476a748, Exception Record Address Arg4: fffff88004769fa0, Context Record Address Debugging Details: ------------------ EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s. FAULTING_IP: RTDVHD64+1458a9 fffff880`05f4d8a9 ff5060 call qword ptr [rax+60h] EXCEPTION_RECORD: fffff8800476a748 -- (.exr 0xfffff8800476a748) ExceptionAddress: fffff88005f4d8a9 (RTDVHD64+0x00000000001458a9) ExceptionCode: c0000005 (Access violation) ExceptionFlags: 00000000 NumberParameters: 2 Parameter[0]: 0000000000000000 Parameter[1]: ffffffffffffffff Attempt to read from address ffffffffffffffff CONTEXT: fffff88004769fa0 -- (.cxr 0xfffff88004769fa0) rax=9c74979a72959a72 rbx=fffffa800d074530 rcx=fffffa800d06e4c0 rdx=fffffa800d09b4d0 rsi=fffffa800d1fd000 rdi=fffffa800d1fd000 rip=fffff88005f4d8a9 rsp=fffff8800476a980 rbp=0000000000000000 r8=fffff88005ebfef8 r9=fffff80002e52e80 r10=0000000000000009 r11=fffffa800d0a4580 r12=0000000000000000 r13=0000000000000001 r14=0000000000000004 r15=0000000000000001 iopl=0 nv up ei ng nz na po nc cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010286 RTDVHD64+0x1458a9: fffff880`05f4d8a9 ff5060 call qword ptr [rax+60h] ds:002b:9c74979a`72959ad2=???????????????? Resetting default scope CUSTOMER_CRASH_COUNT: 1 DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT PROCESS_NAME: System CURRENT_IRQL: 0 ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s. EXCEPTION_PARAMETER1: 0000000000000000 EXCEPTION_PARAMETER2: ffffffffffffffff READ_ADDRESS: GetPointerFromAddress: unable to read from fffff80002f0f100 ffffffffffffffff FOLLOWUP_IP: RTDVHD64+1458a9 fffff880`05f4d8a9 ff5060 call qword ptr [rax+60h] BUGCHECK_STR: 0x7E LAST_CONTROL_TRANSFER: from 8000000000000000 to fffff88005f4d8a9 STACK_TEXT: fffff880`0476a980 80000000`00000000 : 00000000`00000000 fffffa80`0d083500 fffff880`05e0ade8 00000000`00000009 : RTDVHD64+0x1458a9 fffff880`0476a988 00000000`00000000 : fffffa80`0d083500 fffff880`05e0ade8 00000000`00000009 fffffa80`0d0a49c0 : 0x80000000`00000000 SYMBOL_STACK_INDEX: 0 SYMBOL_NAME: RTDVHD64+1458a9 FOLLOWUP_NAME: MachineOwner MODULE_NAME: RTDVHD64 IMAGE_NAME: RTDVHD64.sys DEBUG_FLR_IMAGE_TIMESTAMP: 4c8eefa2 STACK_COMMAND: .cxr 0xfffff88004769fa0 ; kb FAILURE_BUCKET_ID: X64_0x7E_RTDVHD64+1458a9 BUCKET_ID: X64_0x7E_RTDVHD64+1458a9 Followup: MachineOwner ---------
    3. Loading Dump File [C:\Users\Mike\Downloads\BSODDmpFiles\kingbear\First 5\DUNELAND-PC-BSOD\Windows_NT6_BSOD_jcgriff2\121211-11824-01.dmp] Mini Kernel Dump File: Only registers and stack trace are available Symbol search path is: SRV*c:\users\mike\documents\symbols*http://msdl.microsoft.com/download/symbols Executable search path is: Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64 Product: WinNt, suite: TerminalServer SingleUserTS Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506 Machine Name: Kernel base = 0xfffff800`02c00000 PsLoadedModuleList = 0xfffff800`02e45670 Debug session time: Mon Dec 12 11:34:23.987 2011 (UTC - 7:00) System Uptime: 2 days 23:46:51.189 Loading Kernel Symbols ............................................................... ................................................................ ................................. Loading User Symbols Loading unloaded module list ..... ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* Use !analyze -v to get detailed debugging information. BugCheck 3B, {c0000005, fffff80002c3bf80, fffff8800d18cb40, 0} Probably caused by : ntkrnlmp.exe ( nt!WmipDoFindRegEntryByProviderId+10 ) Followup: MachineOwner --------- 3: kd> !analyze -v ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* SYSTEM_SERVICE_EXCEPTION (3b) An exception happened while executing a system service routine. Arguments: Arg1: 00000000c0000005, Exception code that caused the bugcheck Arg2: fffff80002c3bf80, Address of the instruction which caused the bugcheck Arg3: fffff8800d18cb40, Address of the context record for the exception that caused the bugcheck Arg4: 0000000000000000, zero. Debugging Details: ------------------ EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s. FAULTING_IP: nt!WmipDoFindRegEntryByProviderId+10 fffff800`02c3bf80 394830 cmp dword ptr [rax+30h],ecx CONTEXT: fffff8800d18cb40 -- (.cxr 0xfffff8800d18cb40) rax=ff847fb083ff1a9b rbx=0000000000000044 rcx=0000000000000044 rdx=fffff80002dee460 rsi=0000000000000000 rdi=fffff8800d18d6d0 rip=fffff80002c3bf80 rsp=fffff8800d18d528 rbp=fffffa800f80e010 r8=fffff78000000008 r9=0000000000000000 r10=0000000000000000 r11=fffff880033f3180 r12=0000000000000001 r13=0000000000000001 r14=fffff8a012112d78 r15=fffff8800d18d6e8 iopl=0 nv up ei ng nz na pe cy cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010283 nt!WmipDoFindRegEntryByProviderId+0x10: fffff800`02c3bf80 394830 cmp dword ptr [rax+30h],ecx ds:002b:ff847fb0`83ff1acb=???????? Resetting default scope CUSTOMER_CRASH_COUNT: 1 DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT BUGCHECK_STR: 0x3B PROCESS_NAME: WmiPrvSE.exe CURRENT_IRQL: 0 LAST_CONTROL_TRANSFER: from 0000000000000000 to fffff80002c3bf80 STACK_TEXT: fffff880`0d18d528 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!WmipDoFindRegEntryByProviderId+0x10 FOLLOWUP_IP: nt!WmipDoFindRegEntryByProviderId+10 fffff800`02c3bf80 394830 cmp dword ptr [rax+30h],ecx SYMBOL_STACK_INDEX: 0 SYMBOL_NAME: nt!WmipDoFindRegEntryByProviderId+10 FOLLOWUP_NAME: MachineOwner MODULE_NAME: nt IMAGE_NAME: ntkrnlmp.exe DEBUG_FLR_IMAGE_TIMESTAMP: 4e02aaa3 STACK_COMMAND: .cxr 0xfffff8800d18cb40 ; kb FAILURE_BUCKET_ID: X64_0x3B_nt!WmipDoFindRegEntryByProviderId+10 BUCKET_ID: X64_0x3B_nt!WmipDoFindRegEntryByProviderId+10 Followup: MachineOwner ---------
    4. Loading Dump File [C:\Users\Mike\Downloads\BSODDmpFiles\kingbear\First 5\DUNELAND-PC-BSOD\Windows_NT6_BSOD_jcgriff2\121311-10389-01.dmp] Mini Kernel Dump File: Only registers and stack trace are available Symbol search path is: SRV*c:\users\mike\documents\symbols*http://msdl.microsoft.com/download/symbols Executable search path is: Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64 Product: WinNt, suite: TerminalServer SingleUserTS Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506 Machine Name: Kernel base = 0xfffff800`02c64000 PsLoadedModuleList = 0xfffff800`02ea9670 Debug session time: Tue Dec 13 09:39:57.874 2011 (UTC - 7:00) System Uptime: 0 days 22:04:11.702 Loading Kernel Symbols ............................................................... ................................................................ .............................. Loading User Symbols Loading unloaded module list .... ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* Use !analyze -v to get detailed debugging information. BugCheck 3B, {c0000005, fffff80002c9ff80, fffff88009c93b40, 0} Probably caused by : ntkrnlmp.exe ( nt!WmipDoFindRegEntryByProviderId+10 ) Followup: MachineOwner --------- 2: kd> !analyze -v ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* SYSTEM_SERVICE_EXCEPTION (3b) An exception happened while executing a system service routine. Arguments: Arg1: 00000000c0000005, Exception code that caused the bugcheck Arg2: fffff80002c9ff80, Address of the instruction which caused the bugcheck Arg3: fffff88009c93b40, Address of the context record for the exception that caused the bugcheck Arg4: 0000000000000000, zero. Debugging Details: ------------------ EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s. FAULTING_IP: nt!WmipDoFindRegEntryByProviderId+10 fffff800`02c9ff80 394830 cmp dword ptr [rax+30h],ecx CONTEXT: fffff88009c93b40 -- (.cxr 0xfffff88009c93b40) rax=24a0000000000000 rbx=0000000000000042 rcx=0000000000000042 rdx=fffff80002e52460 rsi=0000000000000000 rdi=fffff88009c946d0 rip=fffff80002c9ff80 rsp=fffff88009c94528 rbp=fffffa800e91bbe0 r8=fffff78000000008 r9=0000000000000000 r10=0000000000000000 r11=fffff88003181180 r12=0000000000000001 r13=0000000000000001 r14=fffff8a00fb99a70 r15=fffff88009c946e8 iopl=0 nv up ei pl nz na po cy cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010207 nt!WmipDoFindRegEntryByProviderId+0x10: fffff800`02c9ff80 394830 cmp dword ptr [rax+30h],ecx ds:002b:24a00000`00000030=???????? Resetting default scope CUSTOMER_CRASH_COUNT: 1 DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT BUGCHECK_STR: 0x3B PROCESS_NAME: WmiPrvSE.exe CURRENT_IRQL: 0 LAST_CONTROL_TRANSFER: from 0000000000000000 to fffff80002c9ff80 STACK_TEXT: fffff880`09c94528 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!WmipDoFindRegEntryByProviderId+0x10 FOLLOWUP_IP: nt!WmipDoFindRegEntryByProviderId+10 fffff800`02c9ff80 394830 cmp dword ptr [rax+30h],ecx SYMBOL_STACK_INDEX: 0 SYMBOL_NAME: nt!WmipDoFindRegEntryByProviderId+10 FOLLOWUP_NAME: MachineOwner MODULE_NAME: nt IMAGE_NAME: ntkrnlmp.exe DEBUG_FLR_IMAGE_TIMESTAMP: 4e02aaa3 STACK_COMMAND: .cxr 0xfffff88009c93b40 ; kb FAILURE_BUCKET_ID: X64_0x3B_nt!WmipDoFindRegEntryByProviderId+10 BUCKET_ID: X64_0x3B_nt!WmipDoFindRegEntryByProviderId+10 Followup: MachineOwner ---------
    5. Loading Dump File [C:\Users\Mike\Downloads\BSODDmpFiles\kingbear\First 5\DUNELAND-PC-BSOD\Windows_NT6_BSOD_jcgriff2\121511-11840-01.dmp] Mini Kernel Dump File: Only registers and stack trace are available Symbol search path is: SRV*c:\users\mike\documents\symbols*http://msdl.microsoft.com/download/symbols Executable search path is: Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64 Product: WinNt, suite: TerminalServer SingleUserTS Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506 Machine Name: Kernel base = 0xfffff800`02c1d000 PsLoadedModuleList = 0xfffff800`02e62670 Debug session time: Thu Dec 15 15:36:40.020 2011 (UTC - 7:00) System Uptime: 1 days 18:47:24.222 Loading Kernel Symbols ............................................................... ................................................................ .................................. Loading User Symbols Loading unloaded module list .... ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* Use !analyze -v to get detailed debugging information. BugCheck 3B, {c0000005, fffff80002c58f80, fffff8800a682b40, 0} Probably caused by : ntkrnlmp.exe ( nt!WmipDoFindRegEntryByProviderId+10 ) Followup: MachineOwner --------- 0: kd> !analyze -v ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* SYSTEM_SERVICE_EXCEPTION (3b) An exception happened while executing a system service routine. Arguments: Arg1: 00000000c0000005, Exception code that caused the bugcheck Arg2: fffff80002c58f80, Address of the instruction which caused the bugcheck Arg3: fffff8800a682b40, Address of the context record for the exception that caused the bugcheck Arg4: 0000000000000000, zero. Debugging Details: ------------------ EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s. FAULTING_IP: nt!WmipDoFindRegEntryByProviderId+10 fffff800`02c58f80 394830 cmp dword ptr [rax+30h],ecx CONTEXT: fffff8800a682b40 -- (.cxr 0xfffff8800a682b40) rax=8888888800000000 rbx=0000000000000043 rcx=0000000000000043 rdx=fffff80002e0b460 rsi=0000000000000000 rdi=fffff8800a6836d0 rip=fffff80002c58f80 rsp=fffff8800a683528 rbp=fffffa800ffc7780 r8=fffff78000000008 r9=0000000000000000 r10=0000000000000000 r11=fffff80002e0fe80 r12=0000000000000001 r13=0000000000000001 r14=fffff8800a683650 r15=fffff8800a6836e8 iopl=0 nv up ei ng nz na po cy cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010287 nt!WmipDoFindRegEntryByProviderId+0x10: fffff800`02c58f80 394830 cmp dword ptr [rax+30h],ecx ds:002b:88888888`00000030=???????? Resetting default scope CUSTOMER_CRASH_COUNT: 1 DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT BUGCHECK_STR: 0x3B PROCESS_NAME: WmiPrvSE.exe CURRENT_IRQL: 0 LAST_CONTROL_TRANSFER: from 0000000000000000 to fffff80002c58f80 STACK_TEXT: fffff880`0a683528 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!WmipDoFindRegEntryByProviderId+0x10 FOLLOWUP_IP: nt!WmipDoFindRegEntryByProviderId+10 fffff800`02c58f80 394830 cmp dword ptr [rax+30h],ecx SYMBOL_STACK_INDEX: 0 SYMBOL_NAME: nt!WmipDoFindRegEntryByProviderId+10 FOLLOWUP_NAME: MachineOwner MODULE_NAME: nt IMAGE_NAME: ntkrnlmp.exe DEBUG_FLR_IMAGE_TIMESTAMP: 4e02aaa3 STACK_COMMAND: .cxr 0xfffff8800a682b40 ; kb FAILURE_BUCKET_ID: X64_0x3B_nt!WmipDoFindRegEntryByProviderId+10 BUCKET_ID: X64_0x3B_nt!WmipDoFindRegEntryByProviderId+10 Followup: MachineOwner ---------
    6. Loading Dump File [C:\Users\Mike\Downloads\BSODDmpFiles\kingbear\First 5\DUNELAND-PC-BSOD\Windows_NT6_BSOD_jcgriff2\122111-15865-01.dmp] Mini Kernel Dump File: Only registers and stack trace are available Symbol search path is: SRV*c:\users\mike\documents\symbols*http://msdl.microsoft.com/download/symbols Executable search path is: Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64 Product: WinNt, suite: TerminalServer SingleUserTS Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506 Machine Name: Kernel base = 0xfffff800`02c50000 PsLoadedModuleList = 0xfffff800`02e95670 Debug session time: Wed Dec 21 11:50:51.210 2011 (UTC - 7:00) System Uptime: 0 days 1:49:57.038 Loading Kernel Symbols ............................................................... ................................................................ ................................. Loading User Symbols Loading unloaded module list .... ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* Use !analyze -v to get detailed debugging information. BugCheck 19, {21, fffffa800cffb000, 24a0, c0c0c0c0c0} Unable to load image \SystemRoot\system32\DRIVERS\agnfilt.sys, Win32 error 0n2 *** WARNING: Unable to verify timestamp for agnfilt.sys *** ERROR: Module load completed but symbols could not be loaded for agnfilt.sys Probably caused by : agnfilt.sys ( agnfilt+1b08 ) Followup: MachineOwner --------- 1: kd> !analyze -v ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* BAD_POOL_HEADER (19) The pool is already corrupt at the time of the current request. This may or may not be due to the caller. The internal pool links must be walked to figure out a possible cause of the problem, and then special pool applied to the suspect tags or the driver verifier to a suspect driver. Arguments: Arg1: 0000000000000021, the data following the pool block being freed is corrupt. Typically this means the consumer (call stack ) has overrun the block. Arg2: fffffa800cffb000, The pool pointer being freed. Arg3: 00000000000024a0, The number of bytes allocated for the pool block. Arg4: 000000c0c0c0c0c0, The corrupted value found following the pool block. Debugging Details: ------------------ BUGCHECK_STR: 0x19_21 POOL_ADDRESS: GetPointerFromAddress: unable to read from fffff80002eff100 fffffa800cffb000 CUSTOMER_CRASH_COUNT: 1 DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT PROCESS_NAME: msiexec.exe CURRENT_IRQL: 0 LAST_CONTROL_TRANSFER: from fffff80002dfa9b2 to fffff80002cccc40 STACK_TEXT: fffff880`0a8c6598 fffff800`02dfa9b2 : 00000000`00000019 00000000`00000021 fffffa80`0cffb000 00000000`000024a0 : nt!KeBugCheckEx fffff880`0a8c65a0 fffff880`01480b08 : 00000000`00000001 fffff880`01727110 fffffa80`66747441 fffffa80`00000000 : nt!ExDeferredFreePool+0xfaa fffff880`0a8c6650 00000000`00000001 : fffff880`01727110 fffffa80`66747441 fffffa80`00000000 fffffa80`09c50e70 : agnfilt+0x1b08 fffff880`0a8c6658 fffff880`01727110 : fffffa80`66747441 fffffa80`00000000 fffffa80`09c50e70 fffff880`01714526 : 0x1 fffff880`0a8c6660 fffffa80`66747441 : fffffa80`00000000 fffffa80`09c50e70 fffff880`01714526 00000000`00000001 : ndis!WPP_GLOBAL_Control fffff880`0a8c6668 fffffa80`00000000 : fffffa80`09c50e70 fffff880`01714526 00000000`00000001 fffffa80`0cb041a0 : 0xfffffa80`66747441 fffff880`0a8c6670 fffffa80`09c50e70 : fffff880`01714526 00000000`00000001 fffffa80`0cb041a0 fffffa80`09c50e00 : 0xfffffa80`00000000 fffff880`0a8c6678 fffff880`01714526 : 00000000`00000001 fffffa80`0cb041a0 fffffa80`09c50e00 00000000`00000000 : 0xfffffa80`09c50e70 fffff880`0a8c6680 fffff880`0177d1c3 : fffffa80`0cde4860 fffffa80`0c3e7700 fffffa80`0cde4800 fffffa80`0cb04100 : ndis!ndisDetachFilter+0x436 fffff880`0a8c6760 fffff880`0177190f : fffffa80`0c3e7700 00000000`00000000 fffff8a0`00004e01 fffffa80`0c5d2670 : ndis!ndisHandleFilterDetachNotification+0x1f3 fffff880`0a8c67f0 fffff880`0176399f : 00000000`c0000023 fffffa80`0c3e7700 00000000`000000f9 fffffa80`0c3e7700 : ndis! ?? ::LNCPHCLB::`string'+0x660c fffff880`0a8c6830 fffff880`01763c91 : fffffa80`0ccaf750 fffffa80`0ccaf750 fffffa80`0c0f9e40 00000000`00000000 : ndis!ndisHandlePnPRequest+0x11f fffff880`0a8c68a0 fffff800`02fe7a97 : fffffa80`0c45d070 fffff880`0a8c6b60 fffff880`0a8c6b60 fffffa80`0c45d070 : ndis!ndisDispatchRequest+0x111 fffff880`0a8c68d0 fffff800`02fe82f6 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!IopXxxControlFile+0x607 fffff880`0a8c6a00 fffff800`02ccbed3 : fffffa80`09ebc4b0 fffff880`0a8c6b60 fffffa80`09ebc4b0 fffff800`02fc44f4 : nt!NtDeviceIoControlFile+0x56 fffff880`0a8c6a70 00000000`7735138a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 00000000`0290ed28 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x7735138a STACK_COMMAND: kb FOLLOWUP_IP: agnfilt+1b08 fffff880`01480b08 ?? ??? SYMBOL_STACK_INDEX: 2 SYMBOL_NAME: agnfilt+1b08 FOLLOWUP_NAME: MachineOwner MODULE_NAME: agnfilt IMAGE_NAME: agnfilt.sys DEBUG_FLR_IMAGE_TIMESTAMP: 4c602418 FAILURE_BUCKET_ID: X64_0x19_21_agnfilt+1b08 BUCKET_ID: X64_0x19_21_agnfilt+1b08 Followup: MachineOwner ---------
    7. Loading Dump File [C:\Users\Mike\Downloads\BSODDmpFiles\kingbear\First 5\DUNELAND-PC-BSOD\Windows_NT6_BSOD_jcgriff2\122211-11949-01.dmp] Mini Kernel Dump File: Only registers and stack trace are available Symbol search path is: SRV*c:\users\mike\documents\symbols*http://msdl.microsoft.com/download/symbols Executable search path is: Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64 Product: WinNt, suite: TerminalServer SingleUserTS Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506 Machine Name: Kernel base = 0xfffff800`02c0e000 PsLoadedModuleList = 0xfffff800`02e53670 Debug session time: Thu Dec 22 08:05:05.718 2011 (UTC - 7:00) System Uptime: 0 days 19:17:33.920 Loading Kernel Symbols ............................................................... ................................................................ .................................. Loading User Symbols Loading unloaded module list .... ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* Use !analyze -v to get detailed debugging information. BugCheck 1000007E, {ffffffffc0000005, fffff80002c0f530, fffff880021a8118, fffff880021a7970} Probably caused by : WSDPrint.sys ( WSDPrint!WSDPrintDispatchPnp+eb ) Followup: MachineOwner --------- 1: kd> !analyze -v ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M (1000007e) This is a very common bugcheck. Usually the exception address pinpoints the driver/function that caused the problem. Always note this address as well as the link date of the driver/image that contains this address. Some common problems are exception code 0x80000003. This means a hard coded breakpoint or assertion was hit, but this system was booted /NODEBUG. This is not supposed to happen as developers should never have hardcoded breakpoints in retail code, but ... If this happens, make sure a debugger gets connected, and the system is booted /DEBUG. This will let us see why this breakpoint is happening. Arguments: Arg1: ffffffffc0000005, The exception code that was not handled Arg2: fffff80002c0f530, The address that the exception occurred at Arg3: fffff880021a8118, Exception Record Address Arg4: fffff880021a7970, Context Record Address Debugging Details: ------------------ EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s. FAULTING_IP: nt!WmipDoFindRegEntryByDevice+10 fffff800`02c0f530 48394810 cmp qword ptr [rax+10h],rcx EXCEPTION_RECORD: fffff880021a8118 -- (.exr 0xfffff880021a8118) ExceptionAddress: fffff80002c0f530 (nt!WmipDoFindRegEntryByDevice+0x0000000000000010) ExceptionCode: c0000005 (Access violation) ExceptionFlags: 00000000 NumberParameters: 2 Parameter[0]: 0000000000000000 Parameter[1]: 0000000000000010 Attempt to read from address 0000000000000010 CONTEXT: fffff880021a7970 -- (.cxr 0xfffff880021a7970) rax=0000000000000000 rbx=fffffa8009d9c6a0 rcx=fffffa8009d9c6a0 rdx=fffff80002dfc460 rsi=0000000000000000 rdi=fffffa8009d9c6a0 rip=fffff80002c0f530 rsp=fffff880021a8358 rbp=fffffa8009d9c6a0 r8=fffff78000000008 r9=0000000000000000 r10=0000000000000000 r11=fffff8800330f180 r12=0000000000000000 r13=0000000000000000 r14=fffff880078c9150 r15=fffff88000f160f0 iopl=0 nv up ei pl nz na po cy cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010207 nt!WmipDoFindRegEntryByDevice+0x10: fffff800`02c0f530 48394810 cmp qword ptr [rax+10h],rcx ds:002b:00000000`00000010=???????????????? Resetting default scope CUSTOMER_CRASH_COUNT: 1 PROCESS_NAME: System CURRENT_IRQL: 0 ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s. EXCEPTION_PARAMETER1: 0000000000000000 EXCEPTION_PARAMETER2: 0000000000000010 READ_ADDRESS: GetPointerFromAddress: unable to read from fffff80002ebd100 0000000000000010 FOLLOWUP_IP: WSDPrint!WSDPrintDispatchPnp+eb fffff880`078cd27b 488bcf mov rcx,rdi BUGCHECK_STR: 0x7E DEFAULT_BUCKET_ID: NULL_CLASS_PTR_DEREFERENCE LAST_CONTROL_TRANSFER: from fffff8000301863d to fffff80002c0f530 STACK_TEXT: fffff880`021a8358 fffff800`0301863d : fffffa80`09dc0400 0000057f`f623fb00 fffff880`0330f180 00000000`00000000 : nt!WmipDoFindRegEntryByDevice+0x10 fffff880`021a8360 fffff800`030af658 : 00000000`75626d75 00000000`00000000 fffff880`021a8410 fffff880`00ec64e5 : nt!WmipFindRegEntryByDevice+0x1d fffff880`021a8390 fffff800`030b536e : fffffa80`09dd68a0 00000000`00000000 00000000`00000000 00000000`00000000 : nt!WmipDeregisterDevice+0x28 fffff880`021a83c0 fffff880`00ee5bc4 : fffffa80`09dd68a0 00000000`00000100 00000000`0000012b fffffa80`09d9c901 : nt!IoWMIRegistrationControl+0xde fffff880`021a83f0 fffff880`00f082d6 : 00000000`00000008 fffffa80`09d9c980 00000000`00000008 fffff880`021a84f8 : Wdf01000!FxWmiIrpHandler::Deregister+0xf0 fffff880`021a8450 fffff880`00f08854 : fffffa80`09d9c980 00000000`0000012b 00000000`0000012b 00000000`00000000 : Wdf01000!FxPkgPnp::PnpCleanupForRemove+0x2a fffff880`021a8490 fffff880`00f07841 : 00000000`0000012b 00000000`0000012a 00000000`0000012a 00000000`00000000 : Wdf01000!FxPkgPnp::PnpEventFailed+0x10 fffff880`021a84c0 fffff880`00f074fe : fffffa80`09d9c980 fffff880`021a85f0 00000000`00001000 fffff880`00f167f0 : Wdf01000!FxPkgPnp::PnpEnterNewState+0x1a5 fffff880`021a8530 fffff880`00f07201 : 00000000`00000000 00000000`00000400 fffffa80`09d9c980 fffffa80`09d9c980 : Wdf01000!FxPkgPnp::PnpProcessEventInner+0x122 fffff880`021a85a0 fffff880`00efc35a : 00000000`00000000 fffffa80`09da2850 00000000`00000001 fffffa80`09d9c980 : Wdf01000!FxPkgPnp::PnpProcessEvent+0x1b1 fffff880`021a8630 fffff880`00efddd6 : fffffa80`0cd56b17 00000000`00000000 00000000`00000000 fffffa80`09d9c980 : Wdf01000!FxPkgPdo::_PnpSurpriseRemoval+0x6a fffff880`021a8660 fffff880`00ecd245 : fffffa80`0f75bc60 fffffa80`0f75bc60 fffffa80`09d9c6a0 fffffa80`0f75bf28 : Wdf01000!FxPkgPnp::Dispatch+0x1b2 fffff880`021a86d0 fffff880`00ecd14b : 00000000`00000001 fffffa80`0f75bc60 00000000`00000001 fffffa80`09d9c6a0 : Wdf01000!FxDevice::Dispatch+0xa9 fffff880`021a8700 fffff880`078cd27b : fffffa80`0f75bc60 00000000`00000001 fffffa80`09dc0040 fffff880`021a8af8 : Wdf01000!FxDevice::DispatchWithLock+0x93 fffff880`021a8740 fffff800`02ef5af9 : fffffa80`09dc0040 00000000`c00000bb fffff880`021a8848 fffffa80`0f75bc60 : WSDPrint!WSDPrintDispatchPnp+0xeb fffff880`021a8790 fffff800`03073f71 : fffffa80`09d9c6a0 00000000`00000000 fffffa80`09de5a10 00000000`00000000 : nt!IopSynchronousCall+0xc5 fffff880`021a8800 fffff800`0306e968 : fffff8a0`0ff4eef0 fffffa80`09d9c6a0 00000000`0000030a 00000000`00000308 : nt!IopRemoveDevice+0x101 fffff880`021a88c0 fffff800`03073ab7 : fffffa80`09de5a10 00000000`00000000 00000000`00000003 fffff880`021a8b78 : nt!PnpSurpriseRemoveLockedDeviceNode+0x128 fffff880`021a8900 fffff800`03073bd0 : 00000000`00000000 fffff8a0`0fd54e00 fffff8a0`0ff4eef0 fffff880`021a8a58 : nt!PnpDeleteLockedDeviceNode+0x37 fffff880`021a8930 fffff800`031044cf : 00000000`00000002 00000000`00000000 fffffa80`09dcfd90 00000000`00000000 : nt!PnpDeleteLockedDeviceNodes+0xa0 fffff880`021a89a0 fffff800`0310508c : fffff880`021a8b78 fffffa80`0fa13500 fffffa80`09a9d600 fffffa80`00000000 : nt!PnpProcessQueryRemoveAndEject+0x6cf fffff880`021a8ae0 fffff800`02fee34e : 00000000`00000000 fffffa80`0fa13580 fffff8a0`0a090680 00000000`00000000 : nt!PnpProcessTargetDeviceEvent+0x4c fffff880`021a8b10 fffff800`02c95001 : fffff800`02ef4998 fffff8a0`0fd54e10 fffff800`02e2b2b8 fffff800`02e2b2b8 : nt! ?? ::NNGAKEGL::`string'+0x5b3cb fffff880`021a8b70 fffff800`02f25fee : 00000000`00000000 fffffa80`09a9d680 00000000`00000080 fffffa80`099dc040 : nt!ExpWorkerThread+0x111 fffff880`021a8c00 fffff800`02c7c5e6 : fffff880`03381180 fffffa80`09a9d680 fffff880`0338bfc0 00000000`00000000 : nt!PspSystemThreadStartup+0x5a fffff880`021a8c40 00000000`00000000 : fffff880`021a9000 fffff880`021a3000 fffff880`021a85e0 00000000`00000000 : nt!KxStartSystemThread+0x16 SYMBOL_STACK_INDEX: e SYMBOL_NAME: WSDPrint!WSDPrintDispatchPnp+eb FOLLOWUP_NAME: MachineOwner MODULE_NAME: WSDPrint IMAGE_NAME: WSDPrint.sys DEBUG_FLR_IMAGE_TIMESTAMP: 4a5bd3b8 STACK_COMMAND: .cxr 0xfffff880021a7970 ; kb FAILURE_BUCKET_ID: X64_0x7E_WSDPrint!WSDPrintDispatchPnp+eb BUCKET_ID: X64_0x7E_WSDPrint!WSDPrintDispatchPnp+eb Followup: MachineOwner ---------
    8. Loading Dump File [C:\Users\Mike\Downloads\BSODDmpFiles\kingbear\First 5\DUNELAND-PC-BSOD\Windows_NT6_BSOD_jcgriff2\122211-10826-01.dmp] Mini Kernel Dump File: Only registers and stack trace are available Symbol search path is: SRV*c:\users\mike\documents\symbols*http://msdl.microsoft.com/download/symbols Executable search path is: Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64 Product: WinNt, suite: TerminalServer SingleUserTS Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506 Machine Name: Kernel base = 0xfffff800`02c1e000 PsLoadedModuleList = 0xfffff800`02e63670 Debug session time: Thu Dec 22 21:29:32.568 2011 (UTC - 7:00) System Uptime: 0 days 13:23:05.770 Loading Kernel Symbols ............................................................... ................................................................ ................................. Loading User Symbols Loading unloaded module list .... ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* Use !analyze -v to get detailed debugging information. BugCheck 19, {21, fffffa800cff2000, 24a0, d3ccced1ccccdcd6} Unable to load image \SystemRoot\system32\DRIVERS\agnfilt.sys, Win32 error 0n2 *** WARNING: Unable to verify timestamp for agnfilt.sys *** ERROR: Module load completed but symbols could not be loaded for agnfilt.sys Probably caused by : agnfilt.sys ( agnfilt+1b08 ) Followup: MachineOwner --------- 0: kd> !analyze -v ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* BAD_POOL_HEADER (19) The pool is already corrupt at the time of the current request. This may or may not be due to the caller. The internal pool links must be walked to figure out a possible cause of the problem, and then special pool applied to the suspect tags or the driver verifier to a suspect driver. Arguments: Arg1: 0000000000000021, the data following the pool block being freed is corrupt. Typically this means the consumer (call stack ) has overrun the block. Arg2: fffffa800cff2000, The pool pointer being freed. Arg3: 00000000000024a0, The number of bytes allocated for the pool block. Arg4: d3ccced1ccccdcd6, The corrupted value found following the pool block. Debugging Details: ------------------ BUGCHECK_STR: 0x19_21 POOL_ADDRESS: GetPointerFromAddress: unable to read from fffff80002ecd100 fffffa800cff2000 CUSTOMER_CRASH_COUNT: 1 DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT PROCESS_NAME: msiexec.exe CURRENT_IRQL: 0 LAST_CONTROL_TRANSFER: from fffff80002dc89b2 to fffff80002c9ac40 STACK_TEXT: fffff880`08eee598 fffff800`02dc89b2 : 00000000`00000019 00000000`00000021 fffffa80`0cff2000 00000000`000024a0 : nt!KeBugCheckEx fffff880`08eee5a0 fffff880`00dc3b08 : 00000000`00000001 fffff880`016ae110 fffffa80`66747441 fffffa80`00000000 : nt!ExDeferredFreePool+0xfaa fffff880`08eee650 00000000`00000001 : fffff880`016ae110 fffffa80`66747441 fffffa80`00000000 fffffa80`0a6826b0 : agnfilt+0x1b08 fffff880`08eee658 fffff880`016ae110 : fffffa80`66747441 fffffa80`00000000 fffffa80`0a6826b0 fffff880`0169b526 : 0x1 fffff880`08eee660 fffffa80`66747441 : fffffa80`00000000 fffffa80`0a6826b0 fffff880`0169b526 00000000`00000001 : ndis!WPP_GLOBAL_Control fffff880`08eee668 fffffa80`00000000 : fffffa80`0a6826b0 fffff880`0169b526 00000000`00000001 fffffa80`0cb111a0 : 0xfffffa80`66747441 fffff880`08eee670 fffffa80`0a6826b0 : fffff880`0169b526 00000000`00000001 fffffa80`0cb111a0 fffffa80`0a682600 : 0xfffffa80`00000000 fffff880`08eee678 fffff880`0169b526 : 00000000`00000001 fffffa80`0cb111a0 fffffa80`0a682600 00000000`00000000 : 0xfffffa80`0a6826b0 fffff880`08eee680 fffff880`017041c3 : fffffa80`0cde6520 fffffa80`0d2bc700 fffffa80`0cde6500 fffffa80`0cb11100 : ndis!ndisDetachFilter+0x436 fffff880`08eee760 fffff880`016f890f : fffffa80`0d2bc780 00000000`00000000 fffff8a0`00004e01 fffffa80`0c62c010 : ndis!ndisHandleFilterDetachNotification+0x1f3 fffff880`08eee7f0 fffff880`016ea99f : 00000000`c0000023 fffffa80`0d2bc780 00000000`000000f9 fffffa80`0d2bc780 : ndis! ?? ::LNCPHCLB::`string'+0x660c fffff880`08eee830 fffff880`016eac91 : fffffa80`0ed09ad0 fffffa80`0ed09ad0 fffffa80`0c113df0 00000000`00000000 : ndis!ndisHandlePnPRequest+0x11f fffff880`08eee8a0 fffff800`02fb5a97 : fffffa80`09da7720 fffff880`08eeeb60 fffff880`08eeeb60 fffffa80`09da7720 : ndis!ndisDispatchRequest+0x111 fffff880`08eee8d0 fffff800`02fb62f6 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!IopXxxControlFile+0x607 fffff880`08eeea00 fffff800`02c99ed3 : fffffa80`0e55f060 fffff880`08eeeb60 fffffa80`0e55f060 fffff800`02f924f4 : nt!NtDeviceIoControlFile+0x56 fffff880`08eeea70 00000000`76e7138a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 00000000`02a5f048 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x76e7138a STACK_COMMAND: kb FOLLOWUP_IP: agnfilt+1b08 fffff880`00dc3b08 ?? ??? SYMBOL_STACK_INDEX: 2 SYMBOL_NAME: agnfilt+1b08 FOLLOWUP_NAME: MachineOwner MODULE_NAME: agnfilt IMAGE_NAME: agnfilt.sys DEBUG_FLR_IMAGE_TIMESTAMP: 4c602418 FAILURE_BUCKET_ID: X64_0x19_21_agnfilt+1b08 BUCKET_ID: X64_0x19_21_agnfilt+1b08 Followup: MachineOwner ---------
    9. Loading Dump File [C:\Users\Mike\Downloads\BSODDmpFiles\kingbear\First 5\DUNELAND-PC-BSOD\Windows_NT6_BSOD_jcgriff2\122611-13665-01.dmp] Mini Kernel Dump File: Only registers and stack trace are available Symbol search path is: SRV*c:\users\mike\documents\symbols*http://msdl.microsoft.com/download/symbols Executable search path is: Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64 Product: WinNt, suite: TerminalServer SingleUserTS Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506 Machine Name: Kernel base = 0xfffff800`02c17000 PsLoadedModuleList = 0xfffff800`02e5c670 Debug session time: Mon Dec 26 10:01:26.895 2011 (UTC - 7:00) System Uptime: 3 days 2:01:42.723 Loading Kernel Symbols ............................................................... ................................................................ .................................. Loading User Symbols Loading unloaded module list ...... ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* Use !analyze -v to get detailed debugging information. BugCheck 50, {fffffadb6db6dc78, 0, fffff88005e1e5ac, 5} Unable to load image \SystemRoot\system32\drivers\RTDVHD64.sys, Win32 error 0n2 *** WARNING: Unable to verify timestamp for RTDVHD64.sys *** ERROR: Module load completed but symbols could not be loaded for RTDVHD64.sys Could not read faulting driver name Probably caused by : RTDVHD64.sys ( RTDVHD64+d5ac ) Followup: MachineOwner --------- 0: kd> !analyze -v ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* PAGE_FAULT_IN_NONPAGED_AREA (50) Invalid system memory was referenced. This cannot be protected by try-except, it must be protected by a Probe. Typically the address is just plain bad or it is pointing at freed memory. Arguments: Arg1: fffffadb6db6dc78, memory referenced. Arg2: 0000000000000000, value 0 = read operation, 1 = write operation. Arg3: fffff88005e1e5ac, If non-zero, the instruction address which referenced the bad memory address. Arg4: 0000000000000005, (reserved) Debugging Details: ------------------ Could not read faulting driver name READ_ADDRESS: GetPointerFromAddress: unable to read from fffff80002ec6100 fffffadb6db6dc78 FAULTING_IP: RTDVHD64+d5ac fffff880`05e1e5ac 8a910b010000 mov dl,byte ptr [rcx+10Bh] MM_INTERNAL_CODE: 5 CUSTOMER_CRASH_COUNT: 1 DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT BUGCHECK_STR: 0x50 PROCESS_NAME: System CURRENT_IRQL: 0 TRAP_FRAME: fffff880045a8830 -- (.trap 0xfffff880045a8830) NOTE: The trap frame does not contain all registers. Some register values may be zeroed or incorrect. rax=0000000000000003 rbx=0000000000000000 rcx=fffffadb6db6db6d rdx=fffffa800d1724e0 rsi=0000000000000000 rdi=0000000000000000 rip=fffff88005e1e5ac rsp=fffff880045a89c8 rbp=0000000000000000 r8=fffff88005ec8ef8 r9=fffffadb6db6db6d r10=0000000000000000 r11=0000000000000000 r12=0000000000000000 r13=0000000000000000 r14=0000000000000000 r15=0000000000000000 iopl=0 nv up ei ng nz na pe nc RTDVHD64+0xd5ac: fffff880`05e1e5ac 8a910b010000 mov dl,byte ptr [rcx+10Bh] ds:0010:fffffadb`6db6dc78=?? Resetting default scope LAST_CONTROL_TRANSFER: from fffff80002c3e3bf to fffff80002c93c40 STACK_TEXT: fffff880`045a86c8 fffff800`02c3e3bf : 00000000`00000050 fffffadb`6db6dc78 00000000`00000000 fffff880`045a8830 : nt!KeBugCheckEx fffff880`045a86d0 fffff800`02c91d6e : 00000000`00000000 fffffadb`6db6dc78 00000000`00000000 00000000`00000000 : nt! ?? ::FNODOBFM::`string'+0x44791 fffff880`045a8830 fffff880`05e1e5ac : fffff880`05e1e5f8 00000000`00000009 fffffa80`0d1484f0 fffffa80`0d2b4000 : nt!KiPageFault+0x16e fffff880`045a89c8 fffff880`05e1e5f8 : 00000000`00000009 fffffa80`0d1484f0 fffffa80`0d2b4000 00000000`00000000 : RTDVHD64+0xd5ac fffff880`045a89d0 00000000`00000009 : fffffa80`0d1484f0 fffffa80`0d2b4000 00000000`00000000 00000000`00000005 : RTDVHD64+0xd5f8 fffff880`045a89d8 fffffa80`0d1484f0 : fffffa80`0d2b4000 00000000`00000000 00000000`00000005 fffff880`05ec903f : 0x9 fffff880`045a89e0 fffffa80`0d2b4000 : 00000000`00000000 00000000`00000005 fffff880`05ec903f fffff800`02c9e845 : 0xfffffa80`0d1484f0 fffff880`045a89e8 00000000`00000000 : 00000000`00000005 fffff880`05ec903f fffff800`02c9e845 fffff880`0330f180 : 0xfffffa80`0d2b4000 STACK_COMMAND: kb FOLLOWUP_IP: RTDVHD64+d5ac fffff880`05e1e5ac 8a910b010000 mov dl,byte ptr [rcx+10Bh] SYMBOL_STACK_INDEX: 3 SYMBOL_NAME: RTDVHD64+d5ac FOLLOWUP_NAME: MachineOwner MODULE_NAME: RTDVHD64 IMAGE_NAME: RTDVHD64.sys DEBUG_FLR_IMAGE_TIMESTAMP: 4c8eefa2 FAILURE_BUCKET_ID: X64_0x50_RTDVHD64+d5ac BUCKET_ID: X64_0x50_RTDVHD64+d5ac Followup: MachineOwner ---------
    10. Loading Dump File [C:\Users\Mike\Downloads\BSODDmpFiles\kingbear\First 5\DUNELAND-PC-BSOD\Windows_NT6_BSOD_jcgriff2\122811-12948-01.dmp] Mini Kernel Dump File: Only registers and stack trace are available Symbol search path is: SRV*c:\users\mike\documents\symbols*http://msdl.microsoft.com/download/symbols Executable search path is: Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64 Product: WinNt, suite: TerminalServer SingleUserTS Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506 Machine Name: Kernel base = 0xfffff800`02c51000 PsLoadedModuleList = 0xfffff800`02e96670 Debug session time: Wed Dec 28 09:01:40.176 2011 (UTC - 7:00) System Uptime: 1 days 22:58:51.003 Loading Kernel Symbols ............................................................... ................................................................ .................................. Loading User Symbols Loading unloaded module list ................. ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* Use !analyze -v to get detailed debugging information. BugCheck 1E, {0, 0, 0, 0} Probably caused by : ntkrnlmp.exe ( nt!KiKernelCalloutExceptionHandler+e ) Followup: MachineOwner --------- 0: kd> !analyze -v ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* KMODE_EXCEPTION_NOT_HANDLED (1e) This is a very common bugcheck. Usually the exception address pinpoints the driver/function that caused the problem. Always note this address as well as the link date of the driver/image that contains this address. Arguments: Arg1: 0000000000000000, The exception code that was not handled Arg2: 0000000000000000, The address that the exception occurred at Arg3: 0000000000000000, Parameter 0 of the exception Arg4: 0000000000000000, Parameter 1 of the exception Debugging Details: ------------------ EXCEPTION_CODE: (Win32) 0 (0) - The operation completed successfully. FAULTING_IP: +3532343234656437 00000000`00000000 ?? ??? EXCEPTION_PARAMETER1: 0000000000000000 EXCEPTION_PARAMETER2: 0000000000000000 ERROR_CODE: (NTSTATUS) 0 - STATUS_WAIT_0 BUGCHECK_STR: 0x1E_0 CUSTOMER_CRASH_COUNT: 1 DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT PROCESS_NAME: System CURRENT_IRQL: 2 EXCEPTION_RECORD: fffff80000b9c0e8 -- (.exr 0xfffff80000b9c0e8) ExceptionAddress: fffff80002cdd2dc (nt!IopTimerDispatch+0x000000000000012f) ExceptionCode: c0000005 (Access violation) ExceptionFlags: 00000000 NumberParameters: 2 Parameter[0]: 0000000000000000 Parameter[1]: ffffffffffffffff Attempt to read from address ffffffffffffffff TRAP_FRAME: fffff80000b9c190 -- (.trap 0xfffff80000b9c190) NOTE: The trap frame does not contain all registers. Some register values may be zeroed or incorrect. rax=fffff80000b9c2e0 rbx=0000000000000000 rcx=73f83b44f78b4d00 rdx=0000958e0fc73b41 rsi=0000000000000000 rdi=0000000000000000 rip=fffff80002cdd2dc rsp=fffff80000b9c320 rbp=0000000000000000 r8=00000000646d5800 r9=0000000000000000 r10=07fffaecdaec27ff r11=fffff80000b9c2f0 r12=0000000000000000 r13=0000000000000000 r14=0000000000000000 r15=0000000000000000 iopl=0 nv up ei ng nz na po nc nt!IopTimerDispatch+0x12f: fffff800`02cdd2dc ff5710 call qword ptr [rdi+10h] ds:34c8:00000000`00000010=???????????????? Resetting default scope LAST_CONTROL_TRANSFER: from fffff80002cc55fe to fffff80002ccdc10 STACK_TEXT: fffff800`00b9b1c8 fffff800`02cc55fe : 00000000`00000000 fffff800`02cf99f0 fffff800`02ed7908 fffff800`02cdd2dc : nt!KeBugCheck fffff800`00b9b1d0 fffff800`02cf94fd : fffff800`02ed771c fffff800`02e14c30 fffff800`02c51000 fffff800`00b9c0e8 : nt!KiKernelCalloutExceptionHandler+0xe fffff800`00b9b200 fffff800`02cf82d5 : fffff800`02e180fc fffff800`00b9b278 fffff800`00b9c0e8 fffff800`02c51000 : nt!RtlpExecuteHandlerForException+0xd fffff800`00b9b230 fffff800`02d09361 : fffff800`00b9c0e8 fffff800`00b9b940 fffff800`00000000 fffffa80`0d0143ac : nt!RtlDispatchException+0x415 fffff800`00b9b910 fffff800`02ccd2c2 : fffff800`00b9c0e8 00000000`00000000 fffff800`00b9c190 00000000`00000001 : nt!KiDispatchException+0x135 fffff800`00b9bfb0 fffff800`02ccbbca : 0000000e`00000028 fffff880`03037bb4 fffff880`03037bb4 00000000`0007c0c8 : nt!KiExceptionDispatch+0xc2 fffff800`00b9c190 fffff800`02cdd2dc : 00000000`00000000 00000000`00000000 00000000`00000001 fffffa80`0d0084c8 : nt!KiGeneralProtectionFault+0x10a fffff800`00b9c320 fffff800`02cd95fc : 00000000`00000002 fffff800`00b9c538 00000000`00000004 00000000`00000007 : nt!IopTimerDispatch+0x12f fffff800`00b9c430 fffff800`02cd9496 : fffffa80`0f82ac60 fffffa80`0f82ac60 00000000`00000000 00000000`00000000 : nt!KiProcessTimerDpcTable+0x6c fffff800`00b9c4a0 fffff800`02cd937e : 00000189`c9ef1b54 fffff800`00b9cb18 00000000`00a56e3d fffff800`02e46a28 : nt!KiProcessExpiredTimerList+0xc6 fffff800`00b9caf0 fffff800`02cd9167 : 00000082`7443a8d1 00000082`00a56e3d 00000082`7443a83a 00000000`0000003d : nt!KiTimerExpiration+0x1be fffff800`00b9cb90 fffff800`02cc596a : fffff800`02e43e80 fffff800`02e51cc0 00000000`00000002 fffff880`00000000 : nt!KiRetireDpcList+0x277 fffff800`00b9cc40 00000000`00000000 : fffff800`00b9d000 fffff800`00b97000 fffff800`00b9cc00 00000000`00000000 : nt!KiIdleLoop+0x5a STACK_COMMAND: kb FOLLOWUP_IP: nt!KiKernelCalloutExceptionHandler+e fffff800`02cc55fe 90 nop SYMBOL_STACK_INDEX: 1 SYMBOL_NAME: nt!KiKernelCalloutExceptionHandler+e FOLLOWUP_NAME: MachineOwner MODULE_NAME: nt IMAGE_NAME: ntkrnlmp.exe DEBUG_FLR_IMAGE_TIMESTAMP: 4e02aaa3 FAILURE_BUCKET_ID: X64_0x1E_0_nt!KiKernelCalloutExceptionHandler+e BUCKET_ID: X64_0x1E_0_nt!KiKernelCalloutExceptionHandler+e Followup: MachineOwner ---------
    Drivers that may need updating:
    Code:
    lmimirr	fffff880`04518000	fffff880`0451f000	Tue Apr 10 16:32:45 2007 (461c108d)	0000a04c		lmimirr.sys
    RaInfo	fffff880`03dcf000	fffff880`03dd6000	Fri Jan 04 11:57:14 2008 (477e818a)	0000d903		RaInfo.sys
    PBADRV	fffff880`01b3a000	fffff880`01b46000	Mon Jan 07 12:12:13 2008 (4782798d)	000085ef		PBADRV.sys
    LMIRfsDriver	fffff880`03dd6000	fffff880`03de9000	Mon Jul 14 10:26:56 2008 (487b7e50)	0001e26d		LMIRfsDriver.sys


    Okay, so bottom line, the blue screen errors are all over the place. This usually means a hardware problem or an underlying driver problem. First thing to check is hardware since memory could be the problem.

    Run the boot version of Memtest86+ paying close attention to Parts 2 and 3 of the tutorial. Also, in case Memtest86+ misses anything and comes up with no errors, run the extended version of the Windows Memory Diagnostics Tool for at least five passes. These you may want to run overnight since they take a long time to complete.


    The next thing to check is underlying driver problems. Run Driver Verifier to find any issues. To run Driver Verifier, do the following:
    a. Backup your system and user files
    b. Create a system restore point
    c. If you do not have a Windows 7 DVD, Create a system repair disc
    d. Run Driver Verifier

    If Windows cannot start in normal mode with driver verifier running, start in safe mode. If it cannot start in safe mode or normal mode, restore the system restore point using System Restore OPTION TWO.

    Thanks to zigzag3143 for contributing to the above steps.
    If you are unable to start Windows with all drivers being verified or if the blue screen crashes fail to create .dmp files, run them in groups of 5 or 10 until you find a group that causes blue screen crashes and stores the blue screen .dmp files.
      My Computer


  5. Posts : 5
    Windows 7 Pro 64-bit
    Thread Starter
       #5

    Thank you very much for looking over the logs.

    One of the problems is that I don't currently have physical access to the systems. They are already all installed in a production environment and it would be hard for me to run all these tests. I'm thinking something else:

    I forgot to mention that the other 2 programs installed on all of these systems are Microsoft Security Essentials, and LogMeIn Pro. Both of those also heavily affect the system and drivers and may be causing it. I'm thinking to uninstall MSE on 5 of the computers (and use something else like Avira or AVG), uninstall Logmein on 5 of the computers (and use something like teamviewer), and on the remaining 5, get someone to remove the additional 8GB of RAM. I would then leave it for a week or two and see which set of 5 doesn't have any BSOD's.

    My question is, how can I easily determine when the last BSOD was? Is there a specific code in the event logs which will tell me this?

    Thanks. I really appreciate the advice on this forum.
      My Computer


  6. Posts : 11,269
    Windows 7 Home Premium 64 Bit
       #6

    kingbear said:
    Thank you very much for looking over the logs.

    One of the problems is that I don't currently have physical access to the systems. They are already all installed in a production environment and it would be hard for me to run all these tests. I'm thinking something else:

    I forgot to mention that the other 2 programs installed on all of these systems are Microsoft Security Essentials, and LogMeIn Pro. Both of those also heavily affect the system and drivers and may be causing it. I'm thinking to uninstall MSE on 5 of the computers (and use something else like Avira or AVG), uninstall Logmein on 5 of the computers (and use something like teamviewer), and on the remaining 5, get someone to remove the additional 8GB of RAM. I would then leave it for a week or two and see which set of 5 doesn't have any BSOD's.

    My question is, how can I easily determine when the last BSOD was? Is there a specific code in the event logs which will tell me this?

    Thanks. I really appreciate the advice on this forum.
    Not having physical access does make it more difficult. I would say that MSE is nearly 100% known not to cause blue screen crashes, so that may not be a necessary step, but it is up to you. Avira and AVG are more likely to cause blue screen crashes than MSE. Pretty much any antivirus other than MSE is more likely to cause compatibility issues.

    LogMeIn is a possible culprit since most of the drivers that may need updating belong to that software.

    Removing the 8 GB of RAM is a good workaround to not being able to run tests on the systems.

    To find the most recent crash, go into C:\Windows\Minidump and see what the most recent file is dated.
      My Computer


  7. Posts : 5
    Windows 7 Pro 64-bit
    Thread Starter
       #7

    Are all crashes listed in the minidump folder? Because many of the systems I'm seeing only 3 crashes and a bunch of them happened on 11/4, 11/14 and 12/14. I can't remember specifically what I did on those dates.
      My Computer


  8. Posts : 11,269
    Windows 7 Home Premium 64 Bit
       #8

    Nearly all crashes should be listed. Dump files can fail to be created if the crash hangs and is unable to generate the file. The other thing to check for is system logs to see when the computer was not shut down properly. To access system logs:
    1. Click Start Menu
    2. Type eventvwr into Search programs and files (do not hit enter)
    3. Right click eventvwr and click Run as administrator
    4. Expand Windows Logs
    5. Click System
    6. Check for errors associated with not shutting down properly
      My Computer


  9. Posts : 5
    Windows 7 Pro 64-bit
    Thread Starter
       #9

    I have a bunch of error #41 where the system shut down unexpectedly. I don't know how to determine if it was a brownout or a BSOD.
      My Computer


  10. Posts : 11,269
    Windows 7 Home Premium 64 Bit
       #10

    kingbear said:
    I have a bunch of error #41 where the system shut down unexpectedly. I don't know how to determine if it was a brownout or a BSOD.
    The blue screen related shut downs will be preceded by an error due to a bugcheck ID. Event ID: 1001
      My Computer


 
Page 1 of 2 12 LastLast

  Related Discussions
Our Sites
Site Links
About Us
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 23:39.
Find Us