Hi Samw1s3, welcome to 7F! :)
Boy, are you in a pickle!
You have had at least 14BSODs in the last three days.
Two related to programs, Java, and Chrome.
Three related to outdated drivers.
And, the others Memory.
Are you sure your virus/malware clean??
This going to take some doin' on your part.
What I would like you to do is to unequivocally uninstall Java, and chrome.
https://www.java.com/en/download/uninstall.jsp
Uninstall Google Chrome - Google Chrome Help
Code:
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 7F, {8, 80050031, 6f8, fffff80002e8c86f}
Probably caused by : ntkrnlmp.exe ( nt!KiDoubleFaultAbort+b2 )
Followup: MachineOwner
---------
1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
UNEXPECTED_KERNEL_MODE_TRAP (7f)
This means a trap occurred in kernel mode, and it's a trap of a kind
that the kernel isn't allowed to have/catch (bound trap) or that
is always instant death (double fault). The first number in the
bugcheck params is the number of the trap (8 = double fault, etc)
Consult an Intel x86 family manual to learn more about what these
traps are. Here is a *portion* of those codes:
If kv shows a taskGate
use .tss on the part before the colon, then kv.
Else if kv shows a trapframe
use .trap on that value
Else
.trap on the appropriate frame will show where the trap was taken
(on x86, this will be the ebp that goes with the procedure KiTrap)
Endif
kb will then show the corrected stack.
Arguments:
Arg1: 0000000000000008, EXCEPTION_DOUBLE_FAULT
Arg2: 0000000080050031
Arg3: 00000000000006f8
Arg4: fffff80002e8c86f
Debugging Details:
------------------
BUGCHECK_STR: 0x7f_8
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
PROCESS_NAME: javaw.exe
CURRENT_IRQL: 0
LAST_CONTROL_TRANSFER: from fffff80002e71b29 to fffff80002e725c0
STACK_TEXT:
fffff880`009efce8 fffff800`02e71b29 : 00000000`0000007f 00000000`00000008 00000000`80050031 00000000`000006f8 : nt!KeBugCheckEx
fffff880`009efcf0 fffff800`02e6fff2 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiBugCheckDispatch+0x69
fffff880`009efe30 fffff800`02e8c86f : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiDoubleFaultAbort+0xb2
fffff880`06c01fc0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!MmAccessFault+0x61f
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!KiDoubleFaultAbort+b2
fffff800`02e6fff2 90 nop
SYMBOL_STACK_INDEX: 2
SYMBOL_NAME: nt!KiDoubleFaultAbort+b2
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 4e02aa44
FAILURE_BUCKET_ID: X64_0x7f_8_nt!KiDoubleFaultAbort+b2
BUCKET_ID: X64_0x7f_8_nt!KiDoubleFaultAbort+b2
Followup: MachineOwner
Code:
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
KMODE_EXCEPTION_NOT_HANDLED (1e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Arguments:
Arg1: 0000000000000000, The exception code that was not handled
Arg2: 0000000000000000, The address that the exception occurred at
Arg3: 0000000000000000, Parameter 0 of the exception
Arg4: 0000000000000000, Parameter 1 of the exception
Debugging Details:
------------------
EXCEPTION_CODE: (Win32) 0 (0) - The operation completed successfully.
FAULTING_IP:
+0
00000000`00000000 ?? ???
EXCEPTION_PARAMETER1: 0000000000000000
EXCEPTION_PARAMETER2: 0000000000000000
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0x1E
PROCESS_NAME: chrome.exe
CURRENT_IRQL: 2
EXCEPTION_RECORD: fffff88002f22c28 -- (.exr 0xfffff88002f22c28)
ExceptionAddress: fffff80002fa97d6 (nt!PpmPerfRecordUtility+0x00000000000000c6)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 0000000000000000
Parameter[1]: ffffffffffffffff
Attempt to read from address ffffffffffffffff
TRAP_FRAME: fffff88002f22cd0 -- (.trap 0xfffff88002f22cd0)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=00df000000000000 rbx=0000000000000000 rcx=fffff88002f22ed8
rdx=0000000058f9c2bf rsi=0000000000000000 rdi=0000000000000000
rip=fffff80002fa97d6 rsp=fffff88002f22e60 rbp=fffffa8009319d80
r8=fffff88002f22ee0 r9=000000000026be4a r10=0000000000000000
r11=000000006b9e70e7 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl zr na po nc
nt!PpmPerfRecordUtility+0xc6:
fffff800`02fa97d6 ffd0 call rax {00df0000`00000000}
Resetting default scope
Until we get your system to calm down uninstall any Flash or Macromedia also.
Uninstall Flash Player | Windows
Shockwave:
Downloading Shockwave stand-alone installer and Shockwave uninstaller
Now that we have that out of the way you could try your system, but I suspect you would still have BSODs
There are those outdated drivers, and the memory corruptions.
Drivers can be problematic, but Memory, what can I say, if you don't have your memory, your in deep S**t.
So read the instructions while your downloading the Memtest86+ - Advanced Memory Diagnostic Tool program.
Set your power options to always on because your going to have to run this overnight. Set it for at least 7 passes.
You have a new MB and RAM, it is not inconceivable that one or the other suffered damage in its journey to you.
Test the modules in different memory sockets, when you find a good one or two or three, try that good one in each of the Memory sockets.
You might have good memory, but a bad socket.
And, you should check that Video card for bad soldering, cracks, anything that doesn't look right.
If your system will hold up you should try a CHKDSK and SFC /scannow on your HDD to.
Information from the dbg files:
Drivers involved:
dxgmms1!VIDMM
Code:
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M (1000007e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003. This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG. This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG. This will let us see why this breakpoint is
happening.
Arguments:
Arg1: ffffffffc0000005, The exception code that was not handled
Arg2: fffff88012bbcff3, The address that the exception occurred at
Arg3: fffff88003b9f698, Exception Record Address
Arg4: fffff88003b9ef00, Context Record Address
Debugging Details:
------------------
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
FAULTING_IP:
dxgmms1!VIDMM_GLOBAL::ReferenceAllocationForSubmission+a3
fffff880`12bbcff3 48894108 mov qword ptr [rcx+8],rax
EXCEPTION_RECORD: fffff88003b9f698 -- (.exr 0xfffff88003b9f698)
ExceptionAddress: fffff88012bbcff3 (dxgmms1!VIDMM_GLOBAL::ReferenceAllocationForSubmission+0x00000000000000a3)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 0000000000000000
Parameter[1]: ffffffffffffffff
Attempt to read from address ffffffffffffffff
CONTEXT: fffff88003b9ef00 -- (.cxr 0xfffff88003b9ef00)
rax=fffffa8007e6f590 rbx=fffff8a00f5db8d0 rcx=ff53fa8008f53330
rdx=fffff8a00f13d730 rsi=fffffa8007708e10 rdi=fffffa8009e71000
rip=fffff88012bbcff3 rsp=fffff88003b9f8d0 rbp=0000000000000000
r8=fffffa8007708e60 r9=0000000000000000 r10=0000000000000000
r11=fffffa8009e723e8 r12=0000000000000015 r13=0000000000000000
r14=fffffa8007074660 r15=000000000000002e
iopl=0 nv up ei ng nz na po nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010286
dxgmms1!VIDMM_GLOBAL::ReferenceAllocationForSubmission+0xa3:
fffff880`12bbcff3 48894108 mov qword ptr [rcx+8],rax ds:002b:ff53fa80`08f53338=????????????????
Resetting default scope
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
PROCESS_NAME: System
CURRENT_IRQL: 0
ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
EXCEPTION_PARAMETER1: 0000000000000000
EXCEPTION_PARAMETER2: ffffffffffffffff
READ_ADDRESS: GetPointerFromAddress: unable to read from fffff800030ba0e0
ffffffffffffffff
FOLLOWUP_IP:
dxgmms1!VIDMM_GLOBAL::ReferenceAllocationForSubmission+a3
fffff880`12bbcff3 48894108 mov qword ptr [rcx+8],rax
BUGCHECK_STR: 0x7E
LAST_CONTROL_TRANSFER: from fffff88012bba8af to fffff88012bbcff3
STACK_TEXT:
fffff880`03b9f8d0 fffff880`12bba8af : 00000000`00000000 fffffa80`0b2370a8 00000000`00000019 fffffa80`0b23f200 : dxgmms1!VIDMM_GLOBAL::ReferenceAllocationForSubmission+0xa3
fffff880`03b9f910 fffff880`12bd465d : 00000000`00000000 fffff8a0`0f407770 fffffa80`00000000 fffffa80`07074660 : dxgmms1!VIDMM_GLOBAL::PrepareDmaBuffer+0xe1b
fffff880`03b9fae0 fffff880`12bd4398 : fffff800`044eb080 fffff880`12bd3d00 fffffa80`00000000 fffffa80`00000000 : dxgmms1!VidSchiSubmitRenderCommand+0x241
fffff880`03b9fcd0 fffff880`12bd3e96 : 00000000`00000000 fffffa80`0a39b010 00000000`00000080 fffffa80`09e04410 : dxgmms1!VidSchiSubmitQueueCommand+0x50
fffff880`03b9fd00 fffff800`031226fa : 00000000`038dd730 fffffa80`09b34b60 fffffa80`06a1e040 fffffa80`09b34b60 : dxgmms1!VidSchiWorkerThread+0xd6
fffff880`03b9fd40 fffff800`02e60b46 : fffff800`02ffce80 fffffa80`09b34b60 fffff800`0300ac40 00000000`00000000 : nt!PspSystemThreadStartup+0x5a
fffff880`03b9fd80 00000000`00000000 : fffff880`03ba0000 fffff880`03b9a000 fffff880`03b9f690 00000000`00000000 : nt!KiStartSystemThread+0x16
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: dxgmms1!VIDMM_GLOBAL::ReferenceAllocationForSubmission+a3
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: dxgmms1
IMAGE_NAME: dxgmms1.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 4d3fa174
STACK_COMMAND: .cxr 0xfffff88003b9ef00 ; kb
FAILURE_BUCKET_ID: X64_0x7E_dxgmms1!VIDMM_GLOBAL::ReferenceAllocationForSubmission+a3
BUCKET_ID: X64_0x7E_dxgmms1!VIDMM_GLOBAL::ReferenceAllocationForSubmission+a3
Followup: MachineOwner
partmgr:
Code:
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
KMODE_EXCEPTION_NOT_HANDLED (1e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Arguments:
Arg1: 0000000000000000, The exception code that was not handled
Arg2: 0000000000000000, The address that the exception occurred at
Arg3: 0000000000000000, Parameter 0 of the exception
Arg4: 0000000000000000, Parameter 1 of the exception
Debugging Details:
------------------
EXCEPTION_CODE: (Win32) 0 (0) - The operation completed successfully.
FAULTING_IP:
+0
00000000`00000000 ?? ???
EXCEPTION_PARAMETER1: 0000000000000000
EXCEPTION_PARAMETER2: 0000000000000000
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0x1E
PROCESS_NAME: System
CURRENT_IRQL: 2
EXCEPTION_RECORD: fffff88002ffd488 -- (.exr 0xfffff88002ffd488)
ExceptionAddress: fffff88000e45f64 (partmgr!PmReadWriteCompletion+0x0000000000000034)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 0000000000000000
Parameter[1]: ffffffffffffffff
Attempt to read from address ffffffffffffffff
TRAP_FRAME: fffff88002ffd530 -- (.trap 0xfffff88002ffd530)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=fffff88002ffd6e8 rbx=0000000000000000 rcx=fffffa80079019d0
rdx=fffffa800994d010 rsi=0000000000000000 rdi=0000000000000000
rip=fffff88000e45f64 rsp=fffff88002ffd6c0 rbp=fffffa800994d010
r8=0000000000000000 r9=fffffa800744d1b0 r10=fffffa800734d620
r11=fffff88002ffd7d8 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei ng nz na po nc
partmgr!PmReadWriteCompletion+0x34:
fffff880`00e45f64 80bf2901000000 cmp byte ptr [rdi+129h],0 ds:0002:00000000`00000129=??
Resetting default scope
LAST_CONTROL_TRANSFER: from fffff80002e692ee to fffff80002e71590
STACK_TEXT:
fffff880`02ffc578 fffff800`02e692ee : 00000000`00000000 00000000`00000000 fffff880`02ffccf0 fffff800`02e9e524 : nt!KeBugCheck
fffff880`02ffc580 fffff800`02e972dd : fffff800`0307fb7c fffff800`02fb9e68 fffff800`02e01000 fffff880`02ffd488 : nt!KiKernelCalloutExceptionHandler+0xe
fffff880`02ffc5b0 fffff800`02e9e950 : fffff800`02fc0b0c fffff880`02ffc628 fffff880`02ffd488 fffff800`02e01000 : nt!RtlpExecuteHandlerForException+0xd
fffff880`02ffc5e0 fffff800`02eab8cf : fffff880`02ffd488 fffff880`02ffccf0 fffff880`00000000 ffbffa80`07901b20 : nt!RtlDispatchException+0x410
fffff880`02ffccc0 fffff800`02e70c02 : fffff880`02ffd488 fffffa80`0994d203 fffff880`02ffd530 fffffa80`0994d248 : nt!KiDispatchException+0x16f
fffff880`02ffd350 fffff800`02e6f50a : fffffa80`0790aa00 fffff800`02f55e07 fffffa80`06a9de50 fffff880`02ffd500 : nt!KiExceptionDispatch+0xc2
fffff880`02ffd530 fffff880`00e45f64 : 00000000`00000000 00000000`00000000 fffffa80`09aba400 fffffa80`09a57168 : nt!KiGeneralProtectionFault+0x10a
fffff880`02ffd6c0 fffff800`02e73bb6 : fffffa80`0994d203 00000000`00000034 fffffa80`079019d0 fffffa80`0994d010 : partmgr!PmReadWriteCompletion+0x34
fffff880`02ffd6f0 fffff880`014178ee : fffffa80`08e310e0 00000000`00000001 00000000`ffffffff 00000000`00000000 : nt!IopfCompleteRequest+0x336
fffff880`02ffd7e0 fffff800`02e73bb6 : 00000000`00000000 fffffa80`07436c00 fffffa80`08e310e0 fffff800`033e2156 : CLASSPNP!TransferPktComplete+0x1ce
fffff880`02ffd860 fffff880`00fdd41a : 00000000`00000000 00000000`00000001 fffffa80`08e31010 00000000`00000000 : nt!IopfCompleteRequest+0x336
fffff880`02ffd950 fffff880`00fdd242 : fffffa80`08e31010 fffffa80`07436c50 fffffa80`07440e20 fffffa80`07440e00 : ataport!IdeCompleteScsiIrp+0x62
fffff880`02ffd980 fffff880`00fd7e32 : 00000000`00000000 00000000`00000000 fffffa80`0744a000 fffff800`03408c60 : ataport!IdeCommonCrbCompletion+0x5a
fffff880`02ffd9b0 fffff880`00fe07ed : fffffa80`0734c1a0 fffffa80`08e31010 00000000`00000000 fffffa80`08e31010 : ataport!IdeTranslateCompletedRequest+0x236
fffff880`02ffdae0 fffff880`00fe00ec : fffffa80`0734c1a0 00000000`00000000 fffffa80`0734c1a0 00000000`00000000 : ataport!IdeProcessCompletedRequests+0x4d5
fffff880`02ffdc10 fffff800`02e7ca9c : fffff880`02fd5180 00000000`04837d49 fffffa80`0734c050 fffffa80`0734c118 : ataport!IdePortCompletionDpc+0x1a8
fffff880`02ffdcd0 fffff800`02e79d8a : fffff880`02fd5180 fffff880`02fdffc0 00000000`00000000 fffff880`00fdff44 : nt!KiRetireDpcList+0x1bc
fffff880`02ffdd80 00000000`00000000 : fffff880`02ffe000 fffff880`02ff8000 fffff880`02ffdd40 00000000`00000000 : nt!KiIdleLoop+0x5a
STACK_COMMAND: kb
FOLLOWUP_IP:
partmgr!PmReadWriteCompletion+34
fffff880`00e45f64 80bf2901000000 cmp byte ptr [rdi+129h],0
SYMBOL_STACK_INDEX: 7
SYMBOL_NAME: partmgr!PmReadWriteCompletion+34
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: partmgr
IMAGE_NAME: partmgr.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 4a5bc11e
FAILURE_BUCKET_ID: X64_0x1E_partmgr!PmReadWriteCompletion+34
BUCKET_ID: X64_0x1E_partmgr!PmReadWriteCompletion+34
Followup: MachineOwner
---------
3: kd> lmvm partmgr
start end module name
fffff880`00e40000 fffff880`00e55000 partmgr (pdb symbols) c:\symbols\partmgr.pdb\00C2F7A7B66E4C7589366FDCFB16A5372\partmgr.pdb
Loaded symbol image file: partmgr.sys
Mapped memory image file: c:\symbols\partmgr.sys\4A5BC11E15000\partmgr.sys
Image path: \SystemRoot\System32\drivers\partmgr.sys
Image name: partmgr.sys
Timestamp: Mon Jul 13 19:19:58 2009 (4A5BC11E)
CheckSum: 0001FB45
ImageSize: 00015000
File version: 6.1.7600.16385
Product version: 6.1.7600.16385
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 3.7 Driver
File date: 00000000.00000000
Translations: 0000.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: partmgr.sys
OriginalFilename: partmgr.sys
ProductVersion: 6.1.7600.16385
FileVersion: 6.1.7600.16385 (win7_rtm.090713-1255)
FileDescription: Partition Management Driver
LegalCopyright: © Microsoft Corporation. All rights reserved.
NTFS_FILE_SYSTEM (24)
Code:
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
NTFS_FILE_SYSTEM (24)
If you see NtfsExceptionFilter on the stack then the 2nd and 3rd
parameters are the exception record and context record. Do a .cxr
on the 3rd parameter and then kb to obtain a more informative stack
trace.
Arguments:
Arg1: 00000000001904fb
Arg2: fffff88007c99748
Arg3: fffff88007c98fb0
Arg4: fffff800031c3636
Debugging Details:
------------------
EXCEPTION_RECORD: fffff88007c99748 -- (.exr 0xfffff88007c99748)
ExceptionAddress: fffff800031c3636 (nt!CcMapData+0x0000000000000096)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 0000000000000000
Parameter[1]: ffffffffffffffff
Attempt to read from address ffffffffffffffff
CONTEXT: fffff88007c98fb0 -- (.cxr 0xfffff88007c98fb0)
rax=ff84fa8007968d78 rbx=000000000000000e rcx=0000000000000007
rdx=0000000000000001 rsi=fffff8a00b12f0a8 rdi=fffffa8006f81b60
rip=fffff800031c3636 rsp=fffff88007c99980 rbp=fffff8a0001d5200
r8=0000000000001000 r9=0000000000000000 r10=0000000000000000
r11=0000000000000001 r12=0000000000000001 r13=fffffa8007993b20
r14=fffff88007c99a90 r15=fffff8a00d28acc0
iopl=0 nv up ei pl zr na po nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010246
nt!CcMapData+0x96:
fffff800`031c3636 488b4808 mov rcx,qword ptr [rax+8] ds:002b:ff84fa80`07968d80=????????????????
Resetting default scope
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
PROCESS_NAME: TrustedInstall
CURRENT_IRQL: 0
ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
EXCEPTION_PARAMETER1: 0000000000000000
EXCEPTION_PARAMETER2: ffffffffffffffff
READ_ADDRESS: GetPointerFromAddress: unable to read from fffff800030f80e0
ffffffffffffffff
FOLLOWUP_IP:
Ntfs!FindFirstIndexEntry+1fa
fffff880`012f5125 84c0 test al,al
FAULTING_IP:
nt!CcMapData+96
fffff800`031c3636 488b4808 mov rcx,qword ptr [rax+8]
BUGCHECK_STR: 0x24
LAST_CONTROL_TRANSFER: from fffff880012f5125 to fffff800031c3636
STACK_TEXT:
fffff880`07c99980 fffff880`012f5125 : fffffa80`0af4be40 fffff8a0`001d5200 fffff8a0`00010000 fffff8a0`0000000e : nt!CcMapData+0x96
fffff880`07c99a40 fffff880`012d9b2d : fffff8a0`0b12f010 00000000`00000001 fffff8a0`001d5450 fffff8a0`001d5200 : Ntfs!FindFirstIndexEntry+0x1fa
fffff880`07c99ad0 fffff880`012d6ede : fffffa80`0af4be40 fffff8a0`001d5450 fffff8a0`001d5200 fffffa80`0af4be40 : Ntfs!NtfsRestartIndexEnumeration+0xed
fffff880`07c99cf0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : Ntfs!NtfsQueryDirectory+0x94e
SYMBOL_STACK_INDEX: 1
SYMBOL_NAME: Ntfs!FindFirstIndexEntry+1fa
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: Ntfs
IMAGE_NAME: Ntfs.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 4d79996d
STACK_COMMAND: .cxr 0xfffff88007c98fb0 ; kb
FAILURE_BUCKET_ID: X64_0x24_Ntfs!FindFirstIndexEntry+1fa
BUCKET_ID: X64_0x24_Ntfs!FindFirstIndexEntry+1fa
Followup: MachineOwner
NETIO:
Code:
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
KMODE_EXCEPTION_NOT_HANDLED (1e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Arguments:
Arg1: 0000000000000000, The exception code that was not handled
Arg2: 0000000000000000, The address that the exception occurred at
Arg3: 0000000000000000, Parameter 0 of the exception
Arg4: 0000000000000000, Parameter 1 of the exception
Debugging Details:
------------------
EXCEPTION_CODE: (Win32) 0 (0) - The operation completed successfully.
FAULTING_IP:
+0
00000000`00000000 ?? ???
EXCEPTION_PARAMETER1: 0000000000000000
EXCEPTION_PARAMETER2: 0000000000000000
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0x1E
CURRENT_IRQL: 2
EXCEPTION_RECORD: fffff88002f8c258 -- (.exr 0xfffff88002f8c258)
ExceptionAddress: fffff880017460f9 (NETIO!RtlGetNextExpiredTimerWheelEntry+0x00000000000000ea)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 0000000000000000
Parameter[1]: ffffffffffffffff
Attempt to read from address ffffffffffffffff
TRAP_FRAME: fffff88002f8c300 -- (.trap 0xfffff88002f8c300)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=fffffa8007993240 rbx=0000000000000000 rcx=fffffa8007993240
rdx=ff99fa8007993240 rsi=0000000000000000 rdi=0000000000000000
rip=fffff880017460f9 rsp=fffff88002f8c498 rbp=000000000000313d
r8=000000000000007e r9=fffffa8007992638 r10=00000000000037b5
r11=0000000000000001 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl nz na po nc
NETIO!RtlGetNextExpiredTimerWheelEntry+0xea:
fffff880`017460f9 8b4210 mov eax,dword ptr [rdx+10h] ds:1d40:ff99fa80`07993250=????????
Resetting default scope
LAST_CONTROL_TRANSFER: from fffff80002ebd2ee to fffff80002ec5590
STACK_TEXT:
fffff880`02f8b348 fffff800`02ebd2ee : 00000000`00000000 fffffa80`0a54c170 fffff880`02f8bac0 fffff800`02ef2524 : nt!KeBugCheck
fffff880`02f8b350 fffff800`02eeb2dd : fffff800`030d3b7c fffff800`0300de68 fffff800`02e55000 fffff880`02f8c258 : nt!KiKernelCalloutExceptionHandler+0xe
fffff880`02f8b380 fffff800`02ef2950 : fffff800`03014b0c fffff880`02f8b3f8 fffff880`02f8c258 fffff800`02e55000 : nt!RtlpExecuteHandlerForException+0xd
fffff880`02f8b3b0 fffff800`02eff8cf : fffff880`02f8c258 fffff880`02f8bac0 fffff880`00000000 fffffa80`07870c40 : nt!RtlDispatchException+0x410
fffff880`02f8ba90 fffff800`02ec4c02 : fffff880`02f8c258 00000000`00000000 fffff880`02f8c300 00000000`00000004 : nt!KiDispatchException+0x16f
fffff880`02f8c120 fffff800`02ec350a : fffff880`00000000 fffff880`02f87000 fffff880`11f70171 fffff880`02f87000 : nt!KiExceptionDispatch+0xc2
fffff880`02f8c300 fffff880`017460f9 : fffff880`01882593 00000000`0000007e 00000000`0000313d 00000000`0000007e : nt!KiGeneralProtectionFault+0x10a
fffff880`02f8c498 fffff880`01882593 : 00000000`0000007e 00000000`0000313d 00000000`0000007e 00000000`00000004 : NETIO!RtlGetNextExpiredTimerWheelEntry+0xea
fffff880`02f8c4a0 fffff880`018764d8 : 00000000`00000022 00000000`0000313d 00000000`00000c30 00000000`00000a50 : tcpip!TcpProcessExpiredTimeWaitTcbTimers+0x83
fffff880`02f8c4f0 fffff800`02ed112e : fffff880`02f8c600 fffffa80`000019b2 00000000`00000001 00000000`00000000 : tcpip!TcpPeriodicTimeoutHandler+0x31a
fffff880`02f8c570 fffff800`02ed0c76 : fffffa80`0b173648 fffffa80`0b173648 00000000`00000000 00000000`00000000 : nt!KiProcessTimerDpcTable+0x66
fffff880`02f8c5e0 fffff800`02ed134e : 00000000`4acc6ab4 fffff880`02f8cc58 00000000`00001f6c fffff880`02f67308 : nt!KiProcessExpiredTimerList+0xc6
fffff880`02f8cc30 fffff800`02ed0b57 : 00000000`13139cc4 00000000`00001f6c 00000000`13139cb8 00000000`0000006c : nt!KiTimerExpiration+0x1be
fffff880`02f8ccd0 fffff800`02ecdd8a : fffff880`02f64180 fffff880`02f6efc0 00000000`00000000 fffff880`01654c50 : nt!KiRetireDpcList+0x277
fffff880`02f8cd80 00000000`00000000 : fffff880`02f8d000 fffff880`02f87000 fffff880`02f8cd40 00000000`00000000 : nt!KiIdleLoop+0x5a
STACK_COMMAND: kb
FOLLOWUP_IP:
NETIO!RtlGetNextExpiredTimerWheelEntry+ea
fffff880`017460f9 8b4210 mov eax,dword ptr [rdx+10h]
SYMBOL_STACK_INDEX: 7
SYMBOL_NAME: NETIO!RtlGetNextExpiredTimerWheelEntry+ea
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: NETIO
IMAGE_NAME: NETIO.SYS
DEBUG_FLR_IMAGE_TIMESTAMP: 4a5bc18a
FAILURE_BUCKET_ID: X64_0x1E_NETIO!RtlGetNextExpiredTimerWheelEntry+ea
BUCKET_ID: X64_0x1E_NETIO!RtlGetNextExpiredTimerWheelEntry+ea
Followup: MachineOwner
---------
2: kd> lmvm NETIO
start end module name
fffff880`01745000 fffff880`017a5000 NETIO (pdb symbols) c:\symbols\netio.pdb\4ACD68B3A9824AAAB3C53C0077FC611F2\netio.pdb
Loaded symbol image file: NETIO.SYS
Mapped memory image file: c:\symbols\NETIO.SYS\4A5BC18A60000\NETIO.SYS
Image path: \SystemRoot\system32\drivers\NETIO.SYS
Image name: NETIO.SYS
Timestamp: Mon Jul 13 19:21:46 2009 (4A5BC18A)
CheckSum: 0005F36C
ImageSize: 00060000
File version: 6.1.7600.16385
Product version: 6.1.7600.16385
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 3.6 Driver
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: netio.sys
OriginalFilename: netio.sys
ProductVersion: 6.1.7600.16385
FileVersion: 6.1.7600.16385 (win7_rtm.090713-1255)
FileDescription: Network I/O Subsystem
LegalCopyright: © Microsoft Corporation. All rights reserved.
Pool_corruption
Code:
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 19, {3, fffffa80069957e0, ff44fa80069957e0, ffe0fa80069957e0}
Probably caused by : Pool_Corruption ( nt!ExDeferredFreePool+a56 )
Followup: Pool_corruption
---------
1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
BAD_POOL_HEADER (19)
The pool is already corrupt at the time of the current request.
This may or may not be due to the caller.
The internal pool links must be walked to figure out a possible cause of
the problem, and then special pool applied to the suspect tags or the driver
verifier to a suspect driver.
Arguments:
Arg1: 0000000000000003, the pool freelist is corrupt.
Arg2: fffffa80069957e0, the pool entry being checked.
Arg3: ff44fa80069957e0, the read back flink freelist value (should be the same as 2).
Arg4: ffe0fa80069957e0, the read back blink freelist value (should be the same as 2).
Debugging Details:
------------------
BUGCHECK_STR: 0x19_3
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
CURRENT_IRQL: 0
LAST_CONTROL_TRANSFER: from fffff8000300bd6f to fffff80002ed85c0
STACK_TEXT:
fffff880`08aeb6d8 fffff800`0300bd6f : 00000000`00000019 00000000`00000003 fffffa80`069957e0 ff44fa80`069957e0 : nt!KeBugCheckEx
fffff880`08aeb6e0 fffff880`07a8d624 : 00000000`00000003 fffff8a0`0276b150 00000000`65456153 00000000`00000000 : nt!ExDeferredFreePool+0xa56
fffff880`08aeb7d0 00000000`00000003 : fffff8a0`0276b150 00000000`65456153 00000000`00000000 fffff880`08aebb00 : 0xfffff880`07a8d624
fffff880`08aeb7d8 fffff8a0`0276b150 : 00000000`65456153 00000000`00000000 fffff880`08aebb00 fffff880`07ade930 : 0x3
fffff880`08aeb7e0 00000000`65456153 : 00000000`00000000 fffff880`08aebb00 fffff880`07ade930 fffff8a0`0276b150 : 0xfffff8a0`0276b150
fffff880`08aeb7e8 00000000`00000000 : fffff880`08aebb00 fffff880`07ade930 fffff8a0`0276b150 00000000`00001000 : 0x65456153
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!ExDeferredFreePool+a56
fffff800`0300bd6f cc int 3
SYMBOL_STACK_INDEX: 1
SYMBOL_NAME: nt!ExDeferredFreePool+a56
FOLLOWUP_NAME: Pool_corruption
IMAGE_NAME: Pool_Corruption
DEBUG_FLR_IMAGE_TIMESTAMP: 0
MODULE_NAME: Pool_Corruption
FAILURE_BUCKET_ID: X64_0x19_3_nt!ExDeferredFreePool+a56
BUCKET_ID: X64_0x19_3_nt!ExDeferredFreePool+a56
Followup: Pool_corruption
---------
1: kd> lmvm Pool_Corruption
start end module name
Missing image name, possible paged-out or corrupt data.
Missing image name, possible paged-out or corrupt data.
mscorsvw.exe:
Code:
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 1A, {41201, fffff683ff800a10, 2900000094b22867, fffffa800ab24410}
Probably caused by : ntkrnlmp.exe ( nt! ?? ::FNODOBFM::`string'+13b42 )
Followup: MachineOwner
---------
1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
MEMORY_MANAGEMENT (1a)
# Any other values for parameter 1 must be individually examined.
Arguments:
Arg1: 0000000000041201, The subtype of the bugcheck.
Arg2: fffff683ff800a10
Arg3: 2900000094b22867
Arg4: fffffa800ab24410
Debugging Details:
------------------
BUGCHECK_STR: 0x1a_41201
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
PROCESS_NAME: mscorsvw.exe
CURRENT_IRQL: 0
LAST_CONTROL_TRANSFER: from fffff80002f34a6e to fffff80002ed65c0
STACK_TEXT:
fffff880`046389b8 fffff800`02f34a6e : 00000000`0000001a 00000000`00041201 fffff683`ff800a10 29000000`94b22867 : nt!KeBugCheckEx
fffff880`046389c0 fffff800`02ea4b7e : fffffa80`08575480 fffff880`00e2d711 00000000`00000001 29000000`94b22867 : nt! ?? ::FNODOBFM::`string'+0x13b42
fffff880`04638a00 fffff800`02ea481a : fffffa80`0ab24410 fffffa80`07ccdb30 fffffa80`07ccdb30 000007ff`00142000 : nt!MiQueryAddressState+0x2ae
fffff880`04638a50 fffff800`031ba8f8 : fffff880`00000000 000007ff`00143000 fffffa80`0ab24410 00000000`00000000 : nt!MiQueryAddressSpan+0xaa
fffff880`04638ac0 fffff800`02ed5813 : 00000000`00000108 fffffa80`06e9fb60 00000000`00000000 00000000`00bcda48 : nt!NtQueryVirtualMemory+0x386
fffff880`04638bb0 00000000`76ecf8ea : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`00bcda28 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x76ecf8ea
STACK_COMMAND: kb
FOLLOWUP_IP:
nt! ?? ::FNODOBFM::`string'+13b42
fffff800`02f34a6e cc int 3
SYMBOL_STACK_INDEX: 1
SYMBOL_NAME: nt! ?? ::FNODOBFM::`string'+13b42
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 4e02aa44
FAILURE_BUCKET_ID: X64_0x1a_41201_nt!_??_::FNODOBFM::_string_+13b42
BUCKET_ID: X64_0x1a_41201_nt!_??_::FNODOBFM::_string_+13b42
Followup: MachineOwner
---------