Code:
-
Loading Dump File [C:\Users\Mike\Downloads\BSODDmpFiles\Noklu\Windows_NT6_BSOD_jcgriff2\010512-22916-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\users\mike\documents\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (6 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506
Machine Name:
Kernel base = 0xfffff800`0305e000 PsLoadedModuleList = 0xfffff800`032a3670
Debug session time: Thu Jan 5 15:47:01.624 2012 (UTC - 7:00)
System Uptime: 0 days 2:20:58.450
Loading Kernel Symbols
...............................................................
................................................................
....................................
Loading User Symbols
Loading unloaded module list
......
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 1A, {41790, fffffa8004e5f310, ffff, 0}
Probably caused by : ntkrnlmp.exe ( nt! ?? ::FNODOBFM::`string'+36024 )
Followup: MachineOwner
---------
1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
MEMORY_MANAGEMENT (1a)
# Any other values for parameter 1 must be individually examined.
Arguments:
Arg1: 0000000000041790, The subtype of the bugcheck.
Arg2: fffffa8004e5f310
Arg3: 000000000000ffff
Arg4: 0000000000000000
Debugging Details:
------------------
BUGCHECK_STR: 0x1a_41790
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
PROCESS_NAME: BCU.exe
CURRENT_IRQL: 0
LAST_CONTROL_TRANSFER: from fffff8000314a150 to fffff800030dac40
STACK_TEXT:
fffff880`098d8958 fffff800`0314a150 : 00000000`0000001a 00000000`00041790 fffffa80`04e5f310 00000000`0000ffff : nt!KeBugCheckEx
fffff880`098d8960 fffff800`030c80ff : fffffa80`00000000 00000000`03e20fff 00000000`00000000 00000000`00000000 : nt! ?? ::FNODOBFM::`string'+0x36024
fffff880`098d8b20 fffff800`030d9ed3 : ffffffff`ffffffff 00000000`0008e320 00000000`0008e318 00000000`00008000 : nt!NtFreeVirtualMemory+0x61f
fffff880`098d8c20 00000000`770614fa : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`0008e2e8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x770614fa
STACK_COMMAND: kb
FOLLOWUP_IP:
nt! ?? ::FNODOBFM::`string'+36024
fffff800`0314a150 cc int 3
SYMBOL_STACK_INDEX: 1
SYMBOL_NAME: nt! ?? ::FNODOBFM::`string'+36024
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 4e02aaa3
FAILURE_BUCKET_ID: X64_0x1a_41790_nt!_??_::FNODOBFM::_string_+36024
BUCKET_ID: X64_0x1a_41790_nt!_??_::FNODOBFM::_string_+36024
Followup: MachineOwner
---------
-
Loading Dump File [C:\Users\Mike\Downloads\BSODDmpFiles\Noklu\Windows_NT6_BSOD_jcgriff2\010612-21668-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\users\mike\documents\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (6 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506
Machine Name:
Kernel base = 0xfffff800`0305e000 PsLoadedModuleList = 0xfffff800`032a3670
Debug session time: Fri Jan 6 12:57:09.120 2012 (UTC - 7:00)
System Uptime: 0 days 0:06:36.931
Loading Kernel Symbols
...............................................................
................................................................
.....................................
Loading User Symbols
Loading unloaded module list
....
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 1A, {31, fffffa800a41e150, fffff8800a97d000, fffff8a0043cb21a}
Probably caused by : ntkrnlmp.exe ( nt! ?? ::NNGAKEGL::`string'+7271 )
Followup: MachineOwner
---------
4: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
MEMORY_MANAGEMENT (1a)
# Any other values for parameter 1 must be individually examined.
Arguments:
Arg1: 0000000000000031, The subtype of the bugcheck.
Arg2: fffffa800a41e150
Arg3: fffff8800a97d000
Arg4: fffff8a0043cb21a
Debugging Details:
------------------
BUGCHECK_STR: 0x1a_31
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
PROCESS_NAME: svchost.exe
CURRENT_IRQL: 0
LAST_CONTROL_TRANSFER: from fffff80003337b25 to fffff800030dac40
STACK_TEXT:
fffff880`0968f4d8 fffff800`03337b25 : 00000000`0000001a 00000000`00000031 fffffa80`0a41e150 fffff880`0a97d000 : nt!KeBugCheckEx
fffff880`0968f4e0 fffff800`033b2c37 : fffffa80`00000000 fffffa80`06dce060 00000000`00000948 fffff8a0`0438e000 : nt! ?? ::NNGAKEGL::`string'+0x7271
fffff880`0968f540 fffff800`0310a6eb : ffffffff`ffffffff fffff880`0968f6b0 00000000`00010000 fffff800`03102b00 : nt!MiRelocateImagePfn+0xf7
fffff880`0968f5a0 fffff800`03075b64 : fffffa80`0ae8c5f0 00000000`00000000 00000000`00000000 00000000`00000000 : nt!MiWaitForInPageComplete+0x7ef
fffff880`0968f680 fffff800`03334e7a : 00000000`00000000 fffffa80`085d91a0 00000000`00000001 fffffa80`085d91a0 : nt!MiPfCompletePrefetchIos+0x54
fffff880`0968f6b0 fffff800`0353804d : 00000000`000000a8 00000000`0000071f fffffa80`085d91a0 fffff880`0968f778 : nt!MmPrefetchPages+0x13a
fffff880`0968f710 fffff800`0354006e : fffff8a0`00000000 fffff8a0`00000660 fffff8a0`0000017d fffff8a0`00000000 : nt!PfpPrefetchFilesTrickle+0x21d
fffff880`0968f810 fffff800`03540c07 : 00000000`00000000 fffff880`0968fca0 fffff880`0968fa08 fffff8a0`0368fc50 : nt!PfpPrefetchRequestPerform+0x30e
fffff880`0968f960 fffff800`0354d1de : fffff880`0968fa08 fffff880`0968fa01 fffffa80`0a4dd5c0 00000000`00000000 : nt!PfpPrefetchRequest+0x176
fffff880`0968f9d0 fffff800`03551a0a : 00000000`00000000 00000000`0000004f 00000000`00000000 00000000`0a2bf001 : nt!PfSetSuperfetchInformation+0x1ad
fffff880`0968fab0 fffff800`030d9ed3 : fffffa80`06dce060 00000000`00000000 00000000`0a26c301 00000000`0000dc10 : nt!NtSetSystemInformation+0xc8d
fffff880`0968fc20 00000000`76ea2a0a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`00dff7d8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x76ea2a0a
STACK_COMMAND: kb
FOLLOWUP_IP:
nt! ?? ::NNGAKEGL::`string'+7271
fffff800`03337b25 cc int 3
SYMBOL_STACK_INDEX: 1
SYMBOL_NAME: nt! ?? ::NNGAKEGL::`string'+7271
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 4e02aaa3
FAILURE_BUCKET_ID: X64_0x1a_31_nt!_??_::NNGAKEGL::_string_+7271
BUCKET_ID: X64_0x1a_31_nt!_??_::NNGAKEGL::_string_+7271
Followup: MachineOwner
---------
-
Loading Dump File [C:\Users\Mike\Downloads\BSODDmpFiles\Noklu\Windows_NT6_BSOD_jcgriff2\010612-24819-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\users\mike\documents\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (6 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506
Machine Name:
Kernel base = 0xfffff800`03068000 PsLoadedModuleList = 0xfffff800`032ad670
Debug session time: Fri Jan 6 12:58:23.726 2012 (UTC - 7:00)
System Uptime: 0 days 0:00:35.912
Loading Kernel Symbols
...............................................................
................................................................
..................................
Loading User Symbols
Loading unloaded module list
....
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 51, {1, fffff8a0034e7010, a0691000, 374}
Probably caused by : discache.sys ( discache!DisCreateObjectAttributeStore+ec )
Followup: MachineOwner
---------
2: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
REGISTRY_ERROR (51)
Something has gone badly wrong with the registry. If a kernel debugger
is available, get a stack trace. It can also indicate that the registry got
an I/O error while trying to read one of its files, so it can be caused by
hardware problems or filesystem corruption.
It may occur due to a failure in a refresh operation, which is used only
in by the security system, and then only when resource limits are encountered.
Arguments:
Arg1: 0000000000000001, (reserved)
Arg2: fffff8a0034e7010, (reserved)
Arg3: 00000000a0691000, depends on where Windows bugchecked, may be pointer to hive
Arg4: 0000000000000374, depends on where Windows bugchecked, may be return code of
HvCheckHive if the hive is corrupt.
Debugging Details:
------------------
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0x51
PROCESS_NAME: System
CURRENT_IRQL: 0
LAST_CONTROL_TRANSFER: from fffff80003413ea8 to fffff800030e4c40
STACK_TEXT:
fffff880`03183fd8 fffff800`03413ea8 : 00000000`00000051 00000000`00000001 fffff8a0`034e7010 00000000`a0691000 : nt!KeBugCheckEx
fffff880`03183fe0 fffff800`0335be52 : fffff8a0`034e7010 00000000`00040000 01cccc88`00000200 fffff8a0`00000002 : nt! ?? ::NNGAKEGL::`string'+0x9eea
fffff880`03184040 fffff800`0335ad71 : 00000000`00000000 00000000`00000002 fffff8a0`034e7bb8 00000000`00000001 : nt!HvInitializeHive+0x2c2
fffff880`031840a0 fffff800`0335c0ca : fffff880`03184230 fffff880`03184340 ffffffff`80001764 fffff880`03184778 : nt!CmpInitializeHive+0x4ad
fffff880`03184190 fffff800`0335b9c6 : 00000000`00000010 20204d43`00000000 fffff880`03184528 fffff880`03184521 : nt!CmpInitHiveFromFile+0x246
fffff880`031842e0 fffff800`03360b7f : 00000000`00000010 00000000`00000000 00000000`00000000 fffff800`033e1437 : nt!CmpCmdHiveOpen+0x8a
fffff880`031844d0 fffff800`033608b7 : fffff880`03180064 00000000`00000000 00000000`00000000 fffff880`03184b00 : nt!CmLoadKey+0x1a7
fffff880`031846c0 fffff800`030e3ed3 : 00000000`00000001 fffff880`03184bb0 fffff880`00000010 00000000`00000000 : nt!NtLoadKeyEx+0x4c5
fffff880`03184920 fffff800`030e0470 : fffff880`02c2de98 fffff880`02c353d0 00000000`00000000 00000000`00000001 : nt!KiSystemServiceCopyEnd+0x13
fffff880`03184b28 fffff880`02c2de98 : fffff880`02c353d0 00000000`00000000 00000000`00000001 00000000`00000001 : nt!KiServiceLinkage
fffff880`03184b30 fffff880`02c2c2b2 : 00000000`00000000 00000000`00000000 00000000`00000001 fffff8a0`03507bf0 : discache!DisCreateObjectAttributeStore+0xec
fffff880`03184bf0 fffff880`02c2c44b : fffff800`00000043 00000000`00000000 fffff800`032852b8 00000000`00000000 : discache!ScpInitializeCache+0x19a
fffff880`03184c30 fffff800`030ef001 : fffff880`02c2c370 ffffffff`80001658 fffffa80`0673dc00 fffffa80`00000657 : discache!ScpInitializationWorker+0xdb
fffff880`03184cb0 fffff800`0337ffee : 00000000`00000000 fffffa80`06787b60 00000000`00000080 fffffa80`06723040 : nt!ExpWorkerThread+0x111
fffff880`03184d40 fffff800`030d65e6 : fffff880`03088180 fffffa80`06787b60 fffff880`03093040 00000000`00000000 : nt!PspSystemThreadStartup+0x5a
fffff880`03184d80 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KxStartSystemThread+0x16
STACK_COMMAND: kb
FOLLOWUP_IP:
discache!DisCreateObjectAttributeStore+ec
fffff880`02c2de98 3bc6 cmp eax,esi
SYMBOL_STACK_INDEX: a
SYMBOL_NAME: discache!DisCreateObjectAttributeStore+ec
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: discache
IMAGE_NAME: discache.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 4a5bc52e
FAILURE_BUCKET_ID: X64_0x51_discache!DisCreateObjectAttributeStore+ec
BUCKET_ID: X64_0x51_discache!DisCreateObjectAttributeStore+ec
Followup: MachineOwner
---------
-
Loading Dump File [C:\Users\Mike\Downloads\BSODDmpFiles\Noklu\Windows_NT6_BSOD_jcgriff2\010612-18564-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\users\mike\documents\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (6 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506
Machine Name:
Kernel base = 0xfffff800`03054000 PsLoadedModuleList = 0xfffff800`03299670
Debug session time: Fri Jan 6 14:47:38.410 2012 (UTC - 7:00)
System Uptime: 0 days 0:00:32.580
Loading Kernel Symbols
...............................................................
................................................................
.................................
Loading User Symbols
Loading unloaded module list
....
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 1A, {5100, fffff6fc5001e208, 74, 28}
Probably caused by : ntkrnlmp.exe ( nt! ?? ::FNODOBFM::`string'+af37 )
Followup: MachineOwner
---------
1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
MEMORY_MANAGEMENT (1a)
# Any other values for parameter 1 must be individually examined.
Arguments:
Arg1: 0000000000005100, The subtype of the bugcheck.
Arg2: fffff6fc5001e208
Arg3: 0000000000000074
Arg4: 0000000000000028
Debugging Details:
------------------
BUGCHECK_STR: 0x1a_5100
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
PROCESS_NAME: explorer.exe
CURRENT_IRQL: 0
LAST_CONTROL_TRANSFER: from fffff8000312a957 to fffff800030d0c40
STACK_TEXT:
fffff880`08ff9268 fffff800`0312a957 : 00000000`0000001a 00000000`00005100 fffff6fc`5001e208 00000000`00000074 : nt!KeBugCheckEx
fffff880`08ff9270 fffff800`030f3a4c : 00000000`000000b5 fffff880`08ff93c0 fffff8a0`03c00000 00000000`00000001 : nt! ?? ::FNODOBFM::`string'+0xaf37
fffff880`08ff9380 fffff800`031fcf86 : 00000000`000b5000 fffffa80`06697000 00000000`00000001 00000000`00000000 : nt!MiAllocatePagedPoolPages+0x4cc
fffff880`08ff94a0 fffff800`030f1760 : 00000000`000b5000 fffffa80`06697000 00000000`00000001 00000000`0000006c : nt!MiAllocatePoolPages+0x906
fffff880`08ff95e0 fffff800`031ff90e : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`000b4640 : nt!ExpAllocateBigPool+0xb0
fffff880`08ff96d0 fffff800`033919d7 : 00000000`00400000 00000000`00400000 00000000`00000001 00000000`00000000 : nt!ExAllocatePoolWithTag+0x82e
fffff880`08ff97c0 fffff800`033cdfdc : fffff8a0`03b7b000 fffff880`08ff99b8 00000000`0000013d 00000000`00000000 : nt!MiRelocateImage+0x347
fffff880`08ff9930 fffff800`033ac596 : fffff880`08ff9b80 fffff880`08ff9ca0 00000000`00000000 00000000`00000001 : nt!MmCreateSection+0x8bc
fffff880`08ff9b30 fffff800`030cfed3 : fffffa80`0a3b4060 00000000`0662d028 fffff880`08ff9bc8 00000000`00000000 : nt!NtCreateSection+0x171
fffff880`08ff9bb0 00000000`77c517ba : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`0662d008 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x77c517ba
STACK_COMMAND: kb
FOLLOWUP_IP:
nt! ?? ::FNODOBFM::`string'+af37
fffff800`0312a957 cc int 3
SYMBOL_STACK_INDEX: 1
SYMBOL_NAME: nt! ?? ::FNODOBFM::`string'+af37
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 4e02aaa3
FAILURE_BUCKET_ID: X64_0x1a_5100_nt!_??_::FNODOBFM::_string_+af37
BUCKET_ID: X64_0x1a_5100_nt!_??_::FNODOBFM::_string_+af37
Followup: MachineOwner
---------
-
Loading Dump File [C:\Users\Mike\Downloads\BSODDmpFiles\Noklu\Windows_NT6_BSOD_jcgriff2\010612-21075-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\users\mike\documents\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (6 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506
Machine Name:
Kernel base = 0xfffff800`0300a000 PsLoadedModuleList = 0xfffff800`0324f670
Debug session time: Fri Jan 6 15:02:02.949 2012 (UTC - 7:00)
System Uptime: 0 days 0:00:33.136
Loading Kernel Symbols
...............................................................
................................................................
................................
Loading User Symbols
Loading unloaded module list
....
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 1A, {41790, fffffa8004e5f2b0, ffff, 0}
Probably caused by : ntkrnlmp.exe ( nt! ?? ::FNODOBFM::`string'+36024 )
Followup: MachineOwner
---------
5: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
MEMORY_MANAGEMENT (1a)
# Any other values for parameter 1 must be individually examined.
Arguments:
Arg1: 0000000000041790, The subtype of the bugcheck.
Arg2: fffffa8004e5f2b0
Arg3: 000000000000ffff
Arg4: 0000000000000000
Debugging Details:
------------------
BUGCHECK_STR: 0x1a_41790
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
PROCESS_NAME: WerFault.exe
CURRENT_IRQL: 0
LAST_CONTROL_TRANSFER: from fffff800030f6150 to fffff80003086c40
STACK_TEXT:
fffff880`0a252828 fffff800`030f6150 : 00000000`0000001a 00000000`00041790 fffffa80`04e5f2b0 00000000`0000ffff : nt!KeBugCheckEx
fffff880`0a252830 fffff800`030ba569 : 00000000`00000000 00000000`76b59fff fffffa80`00000000 fffff880`00961000 : nt! ?? ::FNODOBFM::`string'+0x36024
fffff880`0a2529f0 fffff800`0339e221 : fffffa80`0a336630 00000000`00000000 00000000`00000000 00000000`00000000 : nt!MiRemoveMappedView+0xd9
fffff880`0a252b10 fffff800`0339e623 : 0000007f`00000000 00000000`76a60000 fffffa80`00000001 fffffa80`089df750 : nt!MiUnmapViewOfSection+0x1b1
fffff880`0a252bd0 fffff800`03085ed3 : 00000000`00000008 00000000`77091cc4 fffffa80`0a333060 00000000`00000000 : nt!NtUnmapViewOfSection+0x5f
fffff880`0a252c20 00000000`770415ba : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`000feb28 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x770415ba
STACK_COMMAND: kb
FOLLOWUP_IP:
nt! ?? ::FNODOBFM::`string'+36024
fffff800`030f6150 cc int 3
SYMBOL_STACK_INDEX: 1
SYMBOL_NAME: nt! ?? ::FNODOBFM::`string'+36024
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 4e02aaa3
FAILURE_BUCKET_ID: X64_0x1a_41790_nt!_??_::FNODOBFM::_string_+36024
BUCKET_ID: X64_0x1a_41790_nt!_??_::FNODOBFM::_string_+36024
Followup: MachineOwner
---------
-
Loading Dump File [C:\Users\Mike\Downloads\BSODDmpFiles\Noklu\Windows_NT6_BSOD_jcgriff2\010712-17862-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\users\mike\documents\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (6 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506
Machine Name:
Kernel base = 0xfffff800`03019000 PsLoadedModuleList = 0xfffff800`0325e670
Debug session time: Sat Jan 7 00:39:12.633 2012 (UTC - 7:00)
System Uptime: 0 days 9:36:06.443
Loading Kernel Symbols
...............................................................
................................................................
...................................
Loading User Symbols
Loading unloaded module list
........
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck D1, {fffff8800b240000, 2, 1, fffff88001575f26}
Probably caused by : NETIO.SYS ( NETIO!memmove+d6 )
Followup: MachineOwner
---------
0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: fffff8800b240000, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000001, value 0 = read operation, 1 = write operation
Arg4: fffff88001575f26, address which referenced memory
Debugging Details:
------------------
WRITE_ADDRESS: GetPointerFromAddress: unable to read from fffff800032c8100
fffff8800b240000
CURRENT_IRQL: 2
FAULTING_IP:
NETIO!memmove+d6
fffff880`01575f26 4c8951f8 mov qword ptr [rcx-8],r10
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0xD1
PROCESS_NAME: System
TRAP_FRAME: fffff80000b9a980 -- (.trap 0xfffff80000b9a980)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=727dc2573b9647fd rbx=0000000000000000 rcx=fffff8800b240008
rdx=000001fffd77621d rsi=0000000000000000 rdi=0000000000000000
rip=fffff88001575f26 rsp=fffff80000b9ab18 rbp=00000000000005b4
r8=00000000000005b1 r9=0000000000000022 r10=767c62667c626a7c
r11=fffff8800b23fea5 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl nz na po nc
NETIO!memmove+0xd6:
fffff880`01575f26 4c8951f8 mov qword ptr [rcx-8],r10 ds:0008:fffff880`0b240000=e9e9f8e47a7c9f53
Resetting default scope
LAST_CONTROL_TRANSFER: from fffff800030951e9 to fffff80003095c40
STACK_TEXT:
fffff800`00b9a838 fffff800`030951e9 : 00000000`0000000a fffff880`0b240000 00000000`00000002 00000000`00000001 : nt!KeBugCheckEx
fffff800`00b9a840 fffff800`03093e60 : 00000000`00000000 fffffa80`00000001 00000000`00000000 fffff800`00b9acb0 : nt!KiBugCheckDispatch+0x69
fffff800`00b9a980 fffff880`01575f26 : fffff880`0157db0d fffffa80`00000aaf fffffa80`000001fd 00000000`00000000 : nt!KiPageFault+0x260
fffff800`00b9ab18 fffff880`0157db0d : fffffa80`00000aaf fffffa80`000001fd 00000000`00000000 00000000`00001000 : NETIO!memmove+0xd6
fffff800`00b9ab20 fffff880`016b23d4 : fffff800`00b9acf8 fffff800`00b9acc8 fffff800`00b9ace8 fffff800`00b9acb0 : NETIO!RtlCopyMdlToMdlIndirect+0xfd
fffff800`00b9abc0 fffff880`016c9a45 : 00000008`0c560800 fffffa80`06e82cf0 fffffa80`06e82cf0 fffffa80`09d180e0 : tcpip!TcpSatisfyReceiveRequests+0x1f4
fffff800`00b9aea0 fffff880`016c8839 : fffffa80`0a67dc80 fffffa80`074b6db0 fffffa80`06e82d5c fffffa80`09985480 : tcpip!TcpDeliverDataToClient+0x105
fffff800`00b9b020 fffff880`016c5d58 : 00000000`e1072a9b fffffa80`06e82cf0 fffffa80`075a4f70 fffffa80`09985480 : tcpip!TcpDeliverReceive+0xa9
fffff800`00b9b120 fffff880`016c68b5 : 00000000`00000000 00000000`00000001 00000000`00000001 fffffa80`088fbe30 : tcpip!TcpTcbFastDatagram+0x208
fffff800`00b9b2e0 fffff880`016c567a : fffffa80`075bfb00 fffff880`016bdb00 fffffa80`07591901 00000000`00000000 : tcpip!TcpTcbReceive+0x1f5
fffff800`00b9b490 fffff880`016c72ab : fffffa80`089b60ae fffffa80`076f8000 00000000`00000000 fffff800`00b9b800 : tcpip!TcpMatchReceive+0x1fa
fffff800`00b9b5e0 fffff880`016be1c7 : fffffa80`075bfb00 fffffa80`0759bd01 fffffa80`0000a2c1 00000000`0000a2c1 : tcpip!TcpPreValidatedReceive+0x36b
fffff800`00b9b6b0 fffff880`016bdd3a : 00000000`00000000 fffff880`017dd9a0 fffff800`00b9b870 fffffa80`0853ce20 : tcpip!IppDeliverListToProtocol+0x97
fffff800`00b9b770 fffff880`016bd339 : 00000000`0021cceb fffff800`030a0497 00000000`00000000 fffff800`00b9b860 : tcpip!IppProcessDeliverList+0x5a
fffff800`00b9b810 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : tcpip!IppReceiveHeaderBatch+0x23a
STACK_COMMAND: kb
FOLLOWUP_IP:
NETIO!memmove+d6
fffff880`01575f26 4c8951f8 mov qword ptr [rcx-8],r10
SYMBOL_STACK_INDEX: 3
SYMBOL_NAME: NETIO!memmove+d6
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: NETIO
IMAGE_NAME: NETIO.SYS
DEBUG_FLR_IMAGE_TIMESTAMP: 4ce79381
FAILURE_BUCKET_ID: X64_0xD1_NETIO!memmove+d6
BUCKET_ID: X64_0xD1_NETIO!memmove+d6
Followup: MachineOwner
---------
-
Loading Dump File [C:\Users\Mike\Downloads\BSODDmpFiles\Noklu\Windows_NT6_BSOD_jcgriff2\010712-22417-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\users\mike\documents\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (6 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506
Machine Name:
Kernel base = 0xfffff800`03004000 PsLoadedModuleList = 0xfffff800`03249670
Debug session time: Sat Jan 7 10:16:05.544 2012 (UTC - 7:00)
System Uptime: 0 days 0:00:33.730
Loading Kernel Symbols
...............................................................
................................................................
..................................
Loading User Symbols
Loading unloaded module list
....
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 50, {ffd178, 0, 774c7f18, 8}
Could not read faulting driver name
Probably caused by : ntkrnlmp.exe ( nt! ?? ::FNODOBFM::`string'+468e5 )
Followup: MachineOwner
---------
3: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
PAGE_FAULT_IN_NONPAGED_AREA (50)
Invalid system memory was referenced. This cannot be protected by try-except,
it must be protected by a Probe. Typically the address is just plain bad or it
is pointing at freed memory.
Arguments:
Arg1: 0000000000ffd178, memory referenced.
Arg2: 0000000000000000, value 0 = read operation, 1 = write operation.
Arg3: 00000000774c7f18, If non-zero, the instruction address which referenced the bad memory
address.
Arg4: 0000000000000008, (reserved)
Debugging Details:
------------------
Could not read faulting driver name
READ_ADDRESS: GetPointerFromAddress: unable to read from fffff800032b3100
0000000000ffd178
FAULTING_IP:
+6136343135303762
00000000`774c7f18 ?? ???
MM_INTERNAL_CODE: 8
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0x50
PROCESS_NAME: WmiPrvSE.exe
CURRENT_IRQL: 0
LAST_CONTROL_TRANSFER: from fffff8000301417b to fffff80003080c40
STACK_TEXT:
fffff880`092b8ab8 fffff800`0301417b : 00000000`00000050 00000000`00ffd178 00000000`00000000 fffff880`092b8c20 : nt!KeBugCheckEx
fffff880`092b8ac0 fffff800`0307ed6e : 00000000`00000000 00000000`00ffd178 00000000`0096c801 00000000`00000000 : nt! ?? ::FNODOBFM::`string'+0x468e5
fffff880`092b8c20 00000000`774c7f18 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiPageFault+0x16e
00000000`0096c9c0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x774c7f18
STACK_COMMAND: kb
FOLLOWUP_IP:
nt! ?? ::FNODOBFM::`string'+468e5
fffff800`0301417b cc int 3
SYMBOL_STACK_INDEX: 1
SYMBOL_NAME: nt! ?? ::FNODOBFM::`string'+468e5
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 4e02aaa3
FAILURE_BUCKET_ID: X64_0x50_nt!_??_::FNODOBFM::_string_+468e5
BUCKET_ID: X64_0x50_nt!_??_::FNODOBFM::_string_+468e5
Followup: MachineOwner
---------
-
Loading Dump File [C:\Users\Mike\Downloads\BSODDmpFiles\Noklu\Windows_NT6_BSOD_jcgriff2\010712-18876-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\users\mike\documents\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (6 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506
Machine Name:
Kernel base = 0xfffff800`03013000 PsLoadedModuleList = 0xfffff800`03258670
Debug session time: Sat Jan 7 11:01:11.001 2012 (UTC - 7:00)
System Uptime: 0 days 0:00:30.187
Loading Kernel Symbols
...............................................................
................................................................
.................................
Loading User Symbols
Loading unloaded module list
....
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 3B, {c0000005, fffff880010501d1, fffff8800a591940, 0}
Probably caused by : fltmgr.sys ( fltmgr!TreeUnlinkMulti+51 )
Followup: MachineOwner
---------
4: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
SYSTEM_SERVICE_EXCEPTION (3b)
An exception happened while executing a system service routine.
Arguments:
Arg1: 00000000c0000005, Exception code that caused the bugcheck
Arg2: fffff880010501d1, Address of the instruction which caused the bugcheck
Arg3: fffff8800a591940, Address of the context record for the exception that caused the bugcheck
Arg4: 0000000000000000, zero.
Debugging Details:
------------------
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
FAULTING_IP:
fltmgr!TreeUnlinkMulti+51
fffff880`010501d1 488b4620 mov rax,qword ptr [rsi+20h]
CONTEXT: fffff8800a591940 -- (.cxr 0xfffff8800a591940)
rax=00000000000000e0 rbx=0000000000000000 rcx=fffffa800a469b48
rdx=fffffa800a498540 rsi=00000000000000b1 rdi=0000000000000000
rip=fffff880010501d1 rsp=fffff8800a592320 rbp=fffffa800a469b48
r8=ffffffffffffffff r9=ffffffffffffffff r10=000000000000000a
r11=0000000000000001 r12=fffffa800a498540 r13=0000000000000000
r14=0000000000002000 r15=fffffa8007901668
iopl=0 nv up ei pl nz na po nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010206
fltmgr!TreeUnlinkMulti+0x51:
fffff880`010501d1 488b4620 mov rax,qword ptr [rsi+20h] ds:002b:00000000`000000d1=????????????????
Resetting default scope
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0x3B
PROCESS_NAME: GoogleUpdate.e
CURRENT_IRQL: 0
LAST_CONTROL_TRANSFER: from 0000000000000000 to fffff880010501d1
STACK_TEXT:
fffff880`0a592320 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : fltmgr!TreeUnlinkMulti+0x51
FOLLOWUP_IP:
fltmgr!TreeUnlinkMulti+51
fffff880`010501d1 488b4620 mov rax,qword ptr [rsi+20h]
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: fltmgr!TreeUnlinkMulti+51
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: fltmgr
IMAGE_NAME: fltmgr.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 4ce7929c
STACK_COMMAND: .cxr 0xfffff8800a591940 ; kb
FAILURE_BUCKET_ID: X64_0x3B_fltmgr!TreeUnlinkMulti+51
BUCKET_ID: X64_0x3B_fltmgr!TreeUnlinkMulti+51
Followup: MachineOwner
---------
-
Loading Dump File [C:\Users\Mike\Downloads\BSODDmpFiles\Noklu\Windows_NT6_BSOD_jcgriff2\010712-18642-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\users\mike\documents\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (6 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506
Machine Name:
Kernel base = 0xfffff800`0300b000 PsLoadedModuleList = 0xfffff800`03250670
Debug session time: Sat Jan 7 11:02:28.971 2012 (UTC - 7:00)
System Uptime: 0 days 0:00:39.142
Loading Kernel Symbols
...............................................................
................................................................
.................................
Loading User Symbols
Loading unloaded module list
....
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck C2, {99, fffff8a0029c9229, 0, 0}
Probably caused by : CI.dll ( CI!MincryptFreePolicyInfo+22 )
Followup: MachineOwner
---------
5: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
BAD_POOL_CALLER (c2)
The current thread is making a bad pool request. Typically this is at a bad IRQL level or double freeing the same allocation, etc.
Arguments:
Arg1: 0000000000000099, Attempt to free pool with invalid address (or corruption in pool header)
Arg2: fffff8a0029c9229, Address being freed
Arg3: 0000000000000000, 0
Arg4: 0000000000000000, 0
Debugging Details:
------------------
FAULTING_IP:
CI!MincryptFreePolicyInfo+22
fffff880`00c132a6 33c0 xor eax,eax
BUGCHECK_STR: 0xc2_99
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
PROCESS_NAME: System
CURRENT_IRQL: 0
LAST_CONTROL_TRANSFER: from fffff800035113dc to fffff80003087c40
STACK_TEXT:
fffff880`0a1890c8 fffff800`035113dc : 00000000`000000c2 00000000`00000099 fffff8a0`029c9229 00000000`00000000 : nt!KeBugCheckEx
fffff880`0a1890d0 fffff800`031376e1 : bfcec135`0000000a 00000000`00090885 33e458bf`00000002 00000000`000000a0 : nt!VerifierBugCheckIfAppropriate+0x3c
fffff880`0a189110 fffff800`031b5c73 : fffff8a0`029c9219 00000000`000006e0 00000000`00000066 00000000`0000e9a0 : nt!VerifierFreeTrackedPool+0x41
fffff880`0a189150 fffff880`00c132a6 : 00000000`0001d490 fffff8a0`03738da0 00000000`00000164 00000000`0000e9a0 : nt!ExDeferredFreePool+0x129f
fffff880`0a189200 fffff880`00c0e05c : 00000000`0001d490 00000000`00000000 00000000`72634943 fffff8a0`03738da0 : CI!MincryptFreePolicyInfo+0x22
fffff880`0a189230 fffff880`00c0e4d4 : fffff880`0a189430 00000000`00000000 00000000`0000e9a0 ffffffff`800017e4 : CI!I_FreeCatalogData+0x70
fffff880`0a189260 fffff880`00c0d6ef : ffffffff`800015fc 00000000`c0000428 fffff880`0a189798 00000000`000002cb : CI!I_ReloadCatalogs+0x21c
fffff880`0a189400 fffff880`00c0bc3a : fffff880`0a1897b0 00000000`00000000 fffff880`00000000 00000000`00000000 : CI!I_FindFileOrHeaderHashInCatalogs+0x413
fffff880`0a1894a0 fffff880`00c0c748 : fffffa80`0a2355d0 fffff880`0a1897b0 00000000`00008004 00000000`00000000 : CI!CipGetPageHashesForFile+0xfa
fffff880`0a189580 fffff880`00c0af84 : 00000000`00000002 fffff880`0a189890 fffff880`0a189890 00000000`00000000 : CI!CipValidatePageHash+0x2e8
fffff880`0a189740 fffff800`032f4a44 : 00000000`00000001 00000000`000fffff fffffa80`0a2355d0 00000000`00000000 : CI!CiValidateImageHeader+0x1dc
fffff880`0a189820 fffff800`032f484a : 00000000`00000000 00000000`00000080 fffffa80`0a2366d0 00000000`00000000 : nt!SeValidateImageHeader+0x58
fffff880`0a189860 fffff800`03385086 : fffffa80`0a2355d0 fffffa80`0a2366d0 00000000`00000002 00000000`00000001 : nt!MiValidateImageHeader+0x21a
fffff880`0a189930 fffff800`03363596 : fffff880`0a189b80 fffff880`0a189ca0 00000000`00000000 00000000`00000001 : nt!MmCreateSection+0x966
fffff880`0a189b30 fffff800`03086ed3 : fffffa80`098da4f0 00000000`001ac7f8 fffff880`0a189bc8 00000000`001aca88 : nt!NtCreateSection+0x171
fffff880`0a189bb0 00000000`77b217ba : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`001ac7d8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x77b217ba
STACK_COMMAND: kb
FOLLOWUP_IP:
CI!MincryptFreePolicyInfo+22
fffff880`00c132a6 33c0 xor eax,eax
SYMBOL_STACK_INDEX: 4
SYMBOL_NAME: CI!MincryptFreePolicyInfo+22
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: CI
IMAGE_NAME: CI.dll
DEBUG_FLR_IMAGE_TIMESTAMP: 4ce7c944
FAILURE_BUCKET_ID: X64_0xc2_99_CI!MincryptFreePolicyInfo+22
BUCKET_ID: X64_0xc2_99_CI!MincryptFreePolicyInfo+22
Followup: MachineOwner
---------
-
Loading Dump File [C:\Users\Mike\Downloads\BSODDmpFiles\Noklu\Windows_NT6_BSOD_jcgriff2\010712-18080-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\users\mike\documents\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (6 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506
Machine Name:
Kernel base = 0xfffff800`0304f000 PsLoadedModuleList = 0xfffff800`03294670
Debug session time: Sat Jan 7 11:03:49.583 2012 (UTC - 7:00)
System Uptime: 0 days 0:00:43.754
Loading Kernel Symbols
...............................................................
................................................................
.................................
Loading User Symbols
Loading unloaded module list
....
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 24, {1904fb, fffff8800abdb6a8, fffff8800abdaf00, fffff800030f558f}
Probably caused by : Ntfs.sys ( Ntfs!NtfsInsertNameLink+d9 )
Followup: MachineOwner
---------
3: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
NTFS_FILE_SYSTEM (24)
If you see NtfsExceptionFilter on the stack then the 2nd and 3rd
parameters are the exception record and context record. Do a .cxr
on the 3rd parameter and then kb to obtain a more informative stack
trace.
Arguments:
Arg1: 00000000001904fb
Arg2: fffff8800abdb6a8
Arg3: fffff8800abdaf00
Arg4: fffff800030f558f
Debugging Details:
------------------
EXCEPTION_RECORD: fffff8800abdb6a8 -- (.exr 0xfffff8800abdb6a8)
ExceptionAddress: fffff800030f558f (nt!RtlSplay+0x0000000000000111)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 0000000000000000
Parameter[1]: ffffffffffffffff
Attempt to read from address ffffffffffffffff
CONTEXT: fffff8800abdaf00 -- (.cxr 0xfffff8800abdaf00)
rax=fffff8a0033833f8 rbx=fffff8a0031f53e8 rcx=fffff8a003792b98
rdx=fffff8a00339d71a rsi=00000000000000a6 rdi=fffff8a003792b88
rip=fffff800030f558f rsp=fffff8800abdb8e8 rbp=fffff8a003792b98
r8=0709000000000008 r9=0709000000000000 r10=00000000000004f0
r11=fffff8800abdb940 r12=fffff8a0018e1350 r13=0000000002af6678
r14=fffff8a0037928e0 r15=fffffa8009cbc430
iopl=0 nv up ei pl nz ac pe cy
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010213
nt!RtlSplay+0x111:
fffff800`030f558f 493910 cmp qword ptr [r8],rdx ds:002b:07090000`00000008=????????????????
Resetting default scope
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
PROCESS_NAME: svchost.exe
CURRENT_IRQL: 1
ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
EXCEPTION_PARAMETER1: 0000000000000000
EXCEPTION_PARAMETER2: ffffffffffffffff
READ_ADDRESS: GetPointerFromAddress: unable to read from fffff800032fe100
ffffffffffffffff
FOLLOWUP_IP:
Ntfs!NtfsInsertNameLink+d9
fffff880`01303810 49890424 mov qword ptr [r12],rax
FAULTING_IP:
nt!RtlSplay+111
fffff800`030f558f 493910 cmp qword ptr [r8],rdx
BUGCHECK_STR: 0x24
LAST_CONTROL_TRANSFER: from fffff88001303810 to fffff800030f558f
STACK_TEXT:
fffff880`0abdb8e8 fffff880`01303810 : fffffa80`07907350 00000000`000007ff fffff8a0`037927b0 fffff880`0abdbbf8 : nt!RtlSplay+0x111
fffff880`0abdb8f0 fffff880`013038bc : fffffa80`09cbc408 fffff8a0`03792b48 00000000`00006a20 fffffa80`0814e410 : Ntfs!NtfsInsertNameLink+0xd9
fffff880`0abdb920 fffff880`012d3209 : 00000000`00000000 fffffa80`0814e410 fffffa80`09cbc408 00000000`000007ff : Ntfs!NtfsInsertPrefix+0x40
fffff880`0abdb960 fffff880`012f7179 : fffff880`093bf3b0 fffffa80`0814e410 fffffa80`09cbc430 00000000`00000000 : Ntfs!NtfsOpenFile+0x649
fffff880`0abdbb50 fffff880`0125fa3d : fffffa80`09cbc430 fffffa80`0814e410 fffff880`093bf3b0 fffffa80`091c9000 : Ntfs!NtfsCommonCreate+0xc49
fffff880`0abdbd30 fffff800`030c3757 : fffff880`093bf320 00000000`00000000 00000000`00000000 00000000`00000000 : Ntfs!NtfsCommonCreateCallout+0x1d
fffff880`0abdbd60 fffff800`030c3711 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KxSwitchKernelStackCallout+0x27
fffff880`093bf1f0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSwitchKernelStackContinue
SYMBOL_STACK_INDEX: 1
SYMBOL_NAME: Ntfs!NtfsInsertNameLink+d9
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: Ntfs
IMAGE_NAME: Ntfs.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 4d79997b
STACK_COMMAND: .cxr 0xfffff8800abdaf00 ; kb
FAILURE_BUCKET_ID: X64_0x24_Ntfs!NtfsInsertNameLink+d9
BUCKET_ID: X64_0x24_Ntfs!NtfsInsertNameLink+d9
Followup: MachineOwner
---------
-
Loading Dump File [C:\Users\Mike\Downloads\BSODDmpFiles\Noklu\Windows_NT6_BSOD_jcgriff2\010712-18439-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\users\mike\documents\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (6 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506
Machine Name:
Kernel base = 0xfffff800`03000000 PsLoadedModuleList = 0xfffff800`03245670
Debug session time: Sat Jan 7 11:05:35.872 2012 (UTC - 7:00)
System Uptime: 0 days 0:00:43.058
Loading Kernel Symbols
...............................................................
................................................................
.................................
Loading User Symbols
Loading unloaded module list
....
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 3B, {c0000005, fffff880010f71d1, fffff88007693940, 0}
Probably caused by : fltmgr.sys ( fltmgr!TreeUnlinkMulti+51 )
Followup: MachineOwner
---------
3: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
SYSTEM_SERVICE_EXCEPTION (3b)
An exception happened while executing a system service routine.
Arguments:
Arg1: 00000000c0000005, Exception code that caused the bugcheck
Arg2: fffff880010f71d1, Address of the instruction which caused the bugcheck
Arg3: fffff88007693940, Address of the context record for the exception that caused the bugcheck
Arg4: 0000000000000000, zero.
Debugging Details:
------------------
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
FAULTING_IP:
fltmgr!TreeUnlinkMulti+51
fffff880`010f71d1 488b4620 mov rax,qword ptr [rsi+20h]
CONTEXT: fffff88007693940 -- (.cxr 0xfffff88007693940)
rax=0000000000000095 rbx=0000000000000000 rcx=fffffa800a4c3e98
rdx=fffffa800a5d78d0 rsi=00000000000000b2 rdi=0000000000000000
rip=fffff880010f71d1 rsp=fffff88007694320 rbp=fffffa800a4c3e98
r8=ffffffffffffffff r9=ffffffffffffffff r10=0000000000000052
r11=0000000000000001 r12=fffffa800a5d78d0 r13=0000000000000000
r14=0000000000002000 r15=fffffa8007882668
iopl=0 nv up ei pl nz na po nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010206
fltmgr!TreeUnlinkMulti+0x51:
fffff880`010f71d1 488b4620 mov rax,qword ptr [rsi+20h] ds:002b:00000000`000000d2=????????????????
Resetting default scope
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0x3B
PROCESS_NAME: svchost.exe
CURRENT_IRQL: 0
LAST_CONTROL_TRANSFER: from 0000000000000000 to fffff880010f71d1
STACK_TEXT:
fffff880`07694320 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : fltmgr!TreeUnlinkMulti+0x51
FOLLOWUP_IP:
fltmgr!TreeUnlinkMulti+51
fffff880`010f71d1 488b4620 mov rax,qword ptr [rsi+20h]
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: fltmgr!TreeUnlinkMulti+51
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: fltmgr
IMAGE_NAME: fltmgr.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 4ce7929c
STACK_COMMAND: .cxr 0xfffff88007693940 ; kb
FAILURE_BUCKET_ID: X64_0x3B_fltmgr!TreeUnlinkMulti+51
BUCKET_ID: X64_0x3B_fltmgr!TreeUnlinkMulti+51
Followup: MachineOwner
---------
-
Loading Dump File [C:\Users\Mike\Downloads\BSODDmpFiles\Noklu\Windows_NT6_BSOD_jcgriff2\010712-20966-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\users\mike\documents\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (6 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506
Machine Name:
Kernel base = 0xfffff800`0301a000 PsLoadedModuleList = 0xfffff800`0325f670
Debug session time: Sat Jan 7 12:34:09.158 2012 (UTC - 7:00)
System Uptime: 0 days 0:00:36.329
Loading Kernel Symbols
...............................................................
................................................................
.................................
Loading User Symbols
Loading unloaded module list
....
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 1A, {31, fffffa80066ca610, fffff88009a51000, fffff8a0030032f2}
Probably caused by : ntkrnlmp.exe ( nt! ?? ::NNGAKEGL::`string'+7271 )
Followup: MachineOwner
---------
1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
MEMORY_MANAGEMENT (1a)
# Any other values for parameter 1 must be individually examined.
Arguments:
Arg1: 0000000000000031, The subtype of the bugcheck.
Arg2: fffffa80066ca610
Arg3: fffff88009a51000
Arg4: fffff8a0030032f2
Debugging Details:
------------------
BUGCHECK_STR: 0x1a_31
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
PROCESS_NAME: SBAMTray.exe
CURRENT_IRQL: 0
LAST_CONTROL_TRANSFER: from fffff800032f3b25 to fffff80003096c40
STACK_TEXT:
fffff880`098c5888 fffff800`032f3b25 : 00000000`0000001a 00000000`00000031 fffffa80`066ca610 fffff880`09a51000 : nt!KeBugCheckEx
fffff880`098c5890 fffff800`0336ec37 : 00000000`00000000 fffffa80`0a3ab8b0 00000000`0000003d fffff8a0`03000000 : nt! ?? ::NNGAKEGL::`string'+0x7271
fffff880`098c58f0 fffff800`030c66eb : ffffffff`ffffffff fffff880`098c5a78 00000000`00008000 fffffa80`0a33f000 : nt!MiRelocateImagePfn+0xf7
fffff880`098c5950 fffff800`030be6cf : fffffa80`09dbfe90 fffff880`098c5a80 fffffa80`0a39dd78 fffff800`030624ca : nt!MiWaitForInPageComplete+0x7ef
fffff880`098c5a30 fffff800`030a502a : 00000000`00000000 00000000`00000000 ffffffff`ffffffff fffff880`00000000 : nt!MiIssueHardFault+0x28b
fffff880`098c5ac0 fffff800`03094d6e : 00000000`00000008 00000000`00b6ded0 00000000`0017e201 00000000`7efde000 : nt!MmAccessFault+0x146a
fffff880`098c5c20 00000000`00b6ded0 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiPageFault+0x16e
00000000`0027f73c 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0xb6ded0
STACK_COMMAND: kb
FOLLOWUP_IP:
nt! ?? ::NNGAKEGL::`string'+7271
fffff800`032f3b25 cc int 3
SYMBOL_STACK_INDEX: 1
SYMBOL_NAME: nt! ?? ::NNGAKEGL::`string'+7271
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 4e02aaa3
FAILURE_BUCKET_ID: X64_0x1a_31_nt!_??_::NNGAKEGL::_string_+7271
BUCKET_ID: X64_0x1a_31_nt!_??_::NNGAKEGL::_string_+7271
Followup: MachineOwner
---------
Many of your blue screen crashes were memory related. You also had some system related crashes and hard disk related crashes. Additionally, there was a registry related crash. We do not recommend fixing registry errors using registry cleaning tools, so if you have used one in the past, let us know as it may have led to your registry blue screen crash. If not, it may be due to system file corruption or hard disk errors.