Windows 7 Forums
Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: BSOD on first boot ntoskrnl.exe

21 Jan 2012   #1

Windows 7 Professional 64
 
 
BSOD on first boot ntoskrnl.exe

Hi everyone, ended up here after googling my problem and found some threads with similiar but not the exact same circumstances.

Always, without fault, on the first boot I get a BSOD after windows have finished starting up. Every boot after that works like a charm but if I leave it off for a half hour or so I get a BSOD on boot again.

Some background info, got dropped with annoyingly high frequency while playing SWTOR so I pulled out the USB wireless dongle and gave it a try going wired via my integrated network card. Game played alot better but the next morning when I turned on my computer I got a BSOD. After a couple more of those I did some googling, downloaded BlueScreenView and had a quick look at the dumps. Ntoskrnl.exe seems to be the file causing the trouble so I did some more googling and found advice suggesting to update various drivers. Naturally, since this problem didn't come up until I went back to a wired connection I updated the drivers for the integrated network card. Thought that solved everything but the very next day, on the first boot, I got another BSOD.

I never deactivated the integrated card in the BIOS while going wireless with a USB-dongle so I don't see how it could cause trouble now since window's continued to load the drivers for it for months without problems, it only started acting up the moment it got a working connection.

I've gotten a bunch of different BSOD's ranging from "driver irql not less or equal", "kmode exception not handled", "page fault in nonpaged area" and "system service exception". All of them caused by different files like mup.sys, win32k.sys, CI.dll, atikmdag.sys, ndis.sys but ntoskrnl.exe is the only one that's involved in every single BSOD and it's always the cause with the crash adress being ntoskrnl.exe+7cc40

I won't be able to respond for like 24 hours or so due to work but I'll pull the wired connection and plug in the dongle again and see what happends when I turn the computer on tomorrow before returning to the thread. If the universe makes sense this should rid me of the BSOD but I'd rather run my connection wired for the time being.

Hope you can help me with this.

My System SpecsSystem Spec
.

21 Jan 2012   #2

Windows 7 Home Premium 64 Bit
 
 

Code:
  1. Loading Dump File [C:\Users\Mike\Downloads\BSODDmpFiles\Pirazy\012112-8533-01.dmp] Mini Kernel Dump File: Only registers and stack trace are available Symbol search path is: SRV*c:\users\mike\documents\symbols*http://msdl.microsoft.com/download/symbols Executable search path is: Windows 7 Kernel Version 7601 (Service Pack 1) MP (2 procs) Free x64 Product: WinNt, suite: TerminalServer SingleUserTS Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506 Machine Name: Kernel base = 0xfffff800`02a58000 PsLoadedModuleList = 0xfffff800`02c9d670 Debug session time: Sat Jan 21 10:14:58.188 2012 (UTC - 7:00) System Uptime: 0 days 0:00:14.609 Loading Kernel Symbols ............................................................... ................................................................ .................... Loading User Symbols Loading unloaded module list ..... ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* Use !analyze -v to get detailed debugging information. BugCheck 1E, {ffffffffc0000005, fffff88000d858bf, 0, d6e96461} Probably caused by : CI.dll ( CI!SHATransform+e1f ) Followup: MachineOwner --------- 0: kd> !analyze -v ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* KMODE_EXCEPTION_NOT_HANDLED (1e) This is a very common bugcheck. Usually the exception address pinpoints the driver/function that caused the problem. Always note this address as well as the link date of the driver/image that contains this address. Arguments: Arg1: ffffffffc0000005, The exception code that was not handled Arg2: fffff88000d858bf, The address that the exception occurred at Arg3: 0000000000000000, Parameter 0 of the exception Arg4: 00000000d6e96461, Parameter 1 of the exception Debugging Details: ------------------ EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s. FAULTING_IP: CI!SHATransform+e1f fffff880`00d858bf 8b7c2430 mov edi,dword ptr [rsp+30h] EXCEPTION_PARAMETER1: 0000000000000000 EXCEPTION_PARAMETER2: 00000000d6e96461 READ_ADDRESS: GetPointerFromAddress: unable to read from fffff80002d07100 00000000d6e96461 ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s. BUGCHECK_STR: 0x1E_c0000005 CUSTOMER_CRASH_COUNT: 1 DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT PROCESS_NAME: explorer.exe CURRENT_IRQL: 0 TRAP_FRAME: fffff880034332e0 -- (.trap 0xfffff880034332e0) NOTE: The trap frame does not contain all registers. Some register values may be zeroed or incorrect. rax=00000000d6e96461 rbx=0000000000000000 rcx=00000000d72a76c4 rdx=00000000fb8841f8 rsi=0000000000000000 rdi=0000000000000000 rip=fffff88000d858bf rsp=fffff88003433470 rbp=000000006c79c1e0 r8=0000000006560951 r9=000000000c32f522 r10=0000000026b953b6 r11=00000000c4cbf639 r12=0000000000000000 r13=0000000000000000 r14=0000000000000000 r15=0000000000000000 iopl=0 nv up ei pl nz na po nc CI!SHATransform+0xe1f: fffff880`00d858bf 8b7c2430 mov edi,dword ptr [rsp+30h] ss:fffff880`034334a0=15b19807 Resetting default scope LAST_CONTROL_TRANSFER: from fffff80002b20588 to fffff80002ad4c40 STACK_TEXT: fffff880`03432a58 fffff800`02b20588 : 00000000`0000001e ffffffff`c0000005 fffff880`00d858bf 00000000`00000000 : nt!KeBugCheckEx fffff880`03432a60 fffff800`02ad42c2 : fffff880`03433238 00000000`5bb739f7 fffff880`034332e0 00000000`88dcc716 : nt! ?? ::FNODOBFM::`string'+0x4977d fffff880`03433100 fffff800`02ad2e3a : 00000000`00000000 00000000`d6e96461 fffffa80`05319500 00000000`5bb739f7 : nt!KiExceptionDispatch+0xc2 fffff880`034332e0 fffff880`00d858bf : 6c79c1e0`44d28dcc 334ba770`da8027d4 5bb739f7`aaccf4e8 b03cccc7`88dcc716 : nt!KiPageFault+0x23a fffff880`03433470 fffff880`00d85d0c : fffff880`034335d8 00800000`014cfb82 00000008`e4fca6d6 fffff800`4b405047 : CI!SHATransform+0xe1f fffff880`03433500 fffff880`00d42830 : fffff880`03433800 00000000`00001000 00000000`00001000 00000000`00000000 : CI!A_SHAUpdate+0xcc fffff880`03433540 fffff880`00d426ff : 00000000`00001000 fffff8a0`061e02e0 00000000`00148800 fffff8a0`061e02f0 : CI!HashpHashBytes+0x40 fffff880`03433570 fffff880`00d394c9 : 00000000`00000000 00000000`00000000 fffffa80`040f8180 fffffa80`05867450 : CI!HashKComputeMemoryHash+0x53 fffff880`034336b0 fffff800`02d6ca55 : fffffa80`04849170 fffffa80`04849170 fffff8a0`030d7000 fffffa80`0162d920 : CI!CiValidateImageData+0x295 fffff880`03433890 fffff800`02d6cb15 : fffffa80`00000000 fffffa80`00000b11 fffff880`00000000 fffffa80`0000fe00 : nt!SeValidateImageData+0x21 fffff880`034338c0 fffff800`02b0490b : fffffa80`0162d920 fffffa80`0425b810 00000000`00000000 ffffffff`ffffffff : nt!MiValidateImagePfn+0xb5 fffff880`03433910 fffff800`02afc6cf : fffffa80`0425b750 fffff880`03433a40 fffffa80`055fbec8 fffff960`000c66bf : nt!MiWaitForInPageComplete+0xa0f fffff880`034339f0 fffff800`02ae302a : 00000000`00000000 00000000`00000000 ffffffff`ffffffff 00000000`00000000 : nt!MiIssueHardFault+0x28b fffff880`03433a80 fffff800`02ad2d6e : 00000000`00000008 000007fe`fe571067 00000000`029b0901 00000000`029f8c10 : nt!MmAccessFault+0x146a fffff880`03433be0 000007fe`fe571067 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiPageFault+0x16e 00000000`0013ef10 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x7fe`fe571067 STACK_COMMAND: kb FOLLOWUP_IP: CI!SHATransform+e1f fffff880`00d858bf 8b7c2430 mov edi,dword ptr [rsp+30h] SYMBOL_STACK_INDEX: 4 SYMBOL_NAME: CI!SHATransform+e1f FOLLOWUP_NAME: MachineOwner MODULE_NAME: CI IMAGE_NAME: CI.dll DEBUG_FLR_IMAGE_TIMESTAMP: 4ce7c944 FAILURE_BUCKET_ID: X64_0x1E_c0000005_CI!SHATransform+e1f BUCKET_ID: X64_0x1E_c0000005_CI!SHATransform+e1f Followup: MachineOwner ---------
  2. Loading Dump File [C:\Users\Mike\Downloads\BSODDmpFiles\Pirazy\012012-8533-01.dmp] Mini Kernel Dump File: Only registers and stack trace are available Symbol search path is: SRV*c:\users\mike\documents\symbols*http://msdl.microsoft.com/download/symbols Executable search path is: Windows 7 Kernel Version 7601 (Service Pack 1) MP (2 procs) Free x64 Product: WinNt, suite: TerminalServer SingleUserTS Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506 Machine Name: Kernel base = 0xfffff800`02a16000 PsLoadedModuleList = 0xfffff800`02c5b670 Debug session time: Fri Jan 20 11:46:56.793 2012 (UTC - 7:00) System Uptime: 0 days 0:00:17.214 Loading Kernel Symbols ............................................................... ................................................................ ................... Loading User Symbols Loading unloaded module list ..... ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* Use !analyze -v to get detailed debugging information. BugCheck 3B, {c0000005, fffff80002d613c6, fffff88009ed8a70, 0} Probably caused by : hardware ( nt!CmpCreateKeyControlBlock+407 ) Followup: MachineOwner --------- 0: kd> !analyze -v ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* SYSTEM_SERVICE_EXCEPTION (3b) An exception happened while executing a system service routine. Arguments: Arg1: 00000000c0000005, Exception code that caused the bugcheck Arg2: fffff80002d613c6, Address of the instruction which caused the bugcheck Arg3: fffff88009ed8a70, Address of the context record for the exception that caused the bugcheck Arg4: 0000000000000000, zero. Debugging Details: ------------------ EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s. FAULTING_IP: nt!CmpCreateKeyControlBlock+407 fffff800`02d613c6 3101 xor dword ptr [rcx],eax CONTEXT: fffff88009ed8a70 -- (.cxr 0xfffff88009ed8a70) rax=0000000000200000 rbx=0000000000000000 rcx=0000000000000000 rdx=fffff8a00392c688 rsi=fffff8a00392c5d0 rdi=000000006a5588f1 rip=fffff80002d613c6 rsp=fffff88009ed9450 rbp=fffff8a002645024 r8=0000000000000005 r9=0000000000000002 r10=0000000000000000 r11=fffff8a00359d5c0 r12=fffff8a00392c5d4 r13=fffff8a00260d010 r14=0000000000000128 r15=fffff8a002604801 iopl=0 nv up ei pl zr na po nc cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010246 nt!CmpCreateKeyControlBlock+0x407: fffff800`02d613c6 3101 xor dword ptr [rcx],eax ds:002b:00000000`00000000=???????? Resetting default scope CUSTOMER_CRASH_COUNT: 1 DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT BUGCHECK_STR: 0x3B PROCESS_NAME: explorer.exe CURRENT_IRQL: 0 MISALIGNED_IP: nt!CmpCreateKeyControlBlock+407 fffff800`02d613c6 3101 xor dword ptr [rcx],eax LAST_CONTROL_TRANSFER: from 0000000000000000 to fffff80002d613c6 STACK_TEXT: fffff880`09ed9450 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!CmpCreateKeyControlBlock+0x407 FOLLOWUP_IP: nt!CmpCreateKeyControlBlock+407 fffff800`02d613c6 3101 xor dword ptr [rcx],eax SYMBOL_STACK_INDEX: 0 SYMBOL_NAME: nt!CmpCreateKeyControlBlock+407 FOLLOWUP_NAME: MachineOwner IMAGE_NAME: hardware DEBUG_FLR_IMAGE_TIMESTAMP: 0 STACK_COMMAND: .cxr 0xfffff88009ed8a70 ; kb MODULE_NAME: hardware FAILURE_BUCKET_ID: X64_IP_MISALIGNED BUCKET_ID: X64_IP_MISALIGNED Followup: MachineOwner ---------
  3. Loading Dump File [C:\Users\Mike\Downloads\BSODDmpFiles\Pirazy\011712-8548-01.dmp] Mini Kernel Dump File: Only registers and stack trace are available Symbol search path is: SRV*c:\users\mike\documents\symbols*http://msdl.microsoft.com/download/symbols Executable search path is: Windows 7 Kernel Version 7601 (Service Pack 1) MP (2 procs) Free x64 Product: WinNt, suite: TerminalServer SingleUserTS Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506 Machine Name: Kernel base = 0xfffff800`02a60000 PsLoadedModuleList = 0xfffff800`02ca5670 Debug session time: Mon Jan 16 17:49:21.540 2012 (UTC - 7:00) System Uptime: 0 days 0:00:18.961 Loading Kernel Symbols ............................................................... ................................................................ .................... Loading User Symbols Loading unloaded module list ..... ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* Use !analyze -v to get detailed debugging information. BugCheck 50, {fffff89f90da3db5, 1, fffff880011625ff, 5} Could not read faulting driver name Probably caused by : luafv.sys ( luafv!LuafvGenerateFileName+82 ) Followup: MachineOwner --------- 0: kd> !analyze -v ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* PAGE_FAULT_IN_NONPAGED_AREA (50) Invalid system memory was referenced. This cannot be protected by try-except, it must be protected by a Probe. Typically the address is just plain bad or it is pointing at freed memory. Arguments: Arg1: fffff89f90da3db5, memory referenced. Arg2: 0000000000000001, value 0 = read operation, 1 = write operation. Arg3: fffff880011625ff, If non-zero, the instruction address which referenced the bad memory address. Arg4: 0000000000000005, (reserved) Debugging Details: ------------------ Could not read faulting driver name WRITE_ADDRESS: GetPointerFromAddress: unable to read from fffff80002d0f100 fffff89f90da3db5 FAULTING_IP: fltmgr!FltpGetFileNameInformation+36f fffff880`011625ff 488d55c8 lea rdx,[rbp-38h] MM_INTERNAL_CODE: 5 CUSTOMER_CRASH_COUNT: 1 DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT BUGCHECK_STR: 0x50 PROCESS_NAME: explorer.exe CURRENT_IRQL: 1 TRAP_FRAME: fffff8800a3228e0 -- (.trap 0xfffff8800a3228e0) NOTE: The trap frame does not contain all registers. Some register values may be zeroed or incorrect. rax=fffffa8005b0ac80 rbx=0000000000000000 rcx=00000000000004bf rdx=fffffa8004210010 rsi=0000000000000000 rdi=0000000000000000 rip=fffff880011625ff rsp=fffff8800a322a70 rbp=fffff8a003907560 r8=fffffa800426d1e0 r9=fffff8a0039075e0 r10=fffff88001179840 r11=fffffa80048a5640 r12=0000000000000000 r13=0000000000000000 r14=0000000000000000 r15=0000000000000000 iopl=0 nv up ei ng nz na po nc fltmgr!FltpGetFileNameInformation+0x36f: fffff880`011625ff 488d55c8 lea rdx,[rbp-38h] Resetting default scope LAST_CONTROL_TRANSFER: from fffff80002a873bf to fffff80002adcc40 STACK_TEXT: fffff880`0a322778 fffff800`02a873bf : 00000000`00000050 fffff89f`90da3db5 00000000`00000001 fffff880`0a3228e0 : nt!KeBugCheckEx fffff880`0a322780 fffff800`02adad6e : 00000000`00000001 fffff89f`90da3db5 00000000`00000000 00000000`00000000 : nt! ?? ::FNODOBFM::`string'+0x44791 fffff880`0a3228e0 fffff880`011625ff : 00000000`00000000 fffffa80`05b0ac80 fffffa80`04002000 fffff8a0`0391d9f8 : nt!KiPageFault+0x16e fffff880`0a322a70 fffff880`0117f5ef : fffffa80`05b04000 fffffa80`05b0ac80 00000000`00000000 00000000`00000000 : fltmgr!FltpGetFileNameInformation+0x36f fffff880`0a322af0 fffff880`08811bca : fffffa80`042462c0 fffffa80`048a5770 00000000`00000000 fffff800`02c0b1de : fltmgr!FltGetFileNameInformationUnsafe+0x7f fffff880`0a322b60 fffff880`01181035 : fffffa80`048a5770 fffff800`02b08830 fffff880`0a322c88 00000000`00000000 : luafv!LuafvGenerateFileName+0x82 fffff880`0a322b90 fffff880`01180ee7 : fffffa80`03a24000 00000000`00000000 fffffa80`048a5770 00000000`00000000 : fltmgr!FltpCallOpenedFileNameHandler+0x75 fffff880`0a322bd0 fffff880`01180e1e : fffffa80`048a5770 fffffa80`052dd010 00000000`00000000 fffff880`01162daa : fltmgr!FltpGetNormalizedFileNameWorker+0x27 fffff880`0a322c10 fffff880`011624fb : fffffa80`04210010 fffffa80`05b0ac80 fffffa80`04002000 fffff880`0a324000 : fltmgr!FltpCreateFileNameInformation+0xee fffff880`0a322c70 fffff880`0117f5ef : 00000000`00008000 fffffa80`05b0ac80 fffffa80`052dd010 fffff880`0a322ea8 : fltmgr!FltpGetFileNameInformation+0x26b fffff880`0a322cf0 fffff880`018a2fda : fffffa80`048a5770 00000000`00000000 00000000`00000844 fffffa80`03968de0 : fltmgr!FltGetFileNameInformationUnsafe+0x7f fffff880`0a322d60 fffff880`018a2f23 : 00000000`00000000 fffff880`0a323c60 00000000`00000844 fffff880`0a323c60 : tcpip!WfpAleCaptureImageFileName+0x3a fffff880`0a322db0 fffff880`018c495e : fffff8a0`003110d0 00000000`00000000 fffffa80`05b6a630 00000000`00000000 : tcpip!WfpCreateProcessNotifyRoutine+0x63 fffff880`0a322e90 fffff800`02dc9f0e : fffff8a0`00004490 fffff880`0a323c60 fffff8a0`002da4f0 00000000`00000002 : tcpip!CreateProcessNotifyRoutineEx+0xe fffff880`0a322ec0 fffff800`02d86737 : fffffa80`05ca5b60 fffffa80`05b6a630 fffff880`0a323170 fffff880`0a3230ac : nt!PspInsertThread+0x66e fffff880`0a323040 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!NtCreateUserProcess+0x732 STACK_COMMAND: kb FOLLOWUP_IP: luafv!LuafvGenerateFileName+82 fffff880`08811bca 8bd8 mov ebx,eax SYMBOL_STACK_INDEX: 5 SYMBOL_NAME: luafv!LuafvGenerateFileName+82 FOLLOWUP_NAME: MachineOwner MODULE_NAME: luafv IMAGE_NAME: luafv.sys DEBUG_FLR_IMAGE_TIMESTAMP: 4a5bc295 FAILURE_BUCKET_ID: X64_0x50_luafv!LuafvGenerateFileName+82 BUCKET_ID: X64_0x50_luafv!LuafvGenerateFileName+82 Followup: MachineOwner ---------
  4. Loading Dump File [C:\Users\Mike\Downloads\BSODDmpFiles\Pirazy\011612-3712-01.dmp] Mini Kernel Dump File: Only registers and stack trace are available Symbol search path is: SRV*c:\users\mike\documents\symbols*http://msdl.microsoft.com/download/symbols Executable search path is: Windows 7 Kernel Version 7601 (Service Pack 1) MP (2 procs) Free x64 Product: WinNt, suite: TerminalServer SingleUserTS Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506 Machine Name: Kernel base = 0xfffff800`02a06000 PsLoadedModuleList = 0xfffff800`02c4b670 Debug session time: Mon Jan 16 03:12:41.010 2012 (UTC - 7:00) System Uptime: 0 days 0:00:20.431 Loading Kernel Symbols ............................................................... ................................................................ ...................... Loading User Symbols Loading unloaded module list ..... ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* Use !analyze -v to get detailed debugging information. BugCheck 50, {fffff88060bcacf2, 8, fffff88060bcacf2, 5} Could not read faulting driver name Probably caused by : ntkrnlmp.exe ( nt! ?? ::FNODOBFM::`string'+44791 ) Followup: MachineOwner --------- 1: kd> !analyze -v ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* PAGE_FAULT_IN_NONPAGED_AREA (50) Invalid system memory was referenced. This cannot be protected by try-except, it must be protected by a Probe. Typically the address is just plain bad or it is pointing at freed memory. Arguments: Arg1: fffff88060bcacf2, memory referenced. Arg2: 0000000000000008, value 0 = read operation, 1 = write operation. Arg3: fffff88060bcacf2, If non-zero, the instruction address which referenced the bad memory address. Arg4: 0000000000000005, (reserved) Debugging Details: ------------------ Could not read faulting driver name WRITE_ADDRESS: GetPointerFromAddress: unable to read from fffff80002cb5100 fffff88060bcacf2 FAULTING_IP: +3231313266306334 fffff880`60bcacf2 ?? ??? MM_INTERNAL_CODE: 5 CUSTOMER_CRASH_COUNT: 1 DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT BUGCHECK_STR: 0x50 PROCESS_NAME: ekrn.exe CURRENT_IRQL: 0 TRAP_FRAME: fffff8800a3f6600 -- (.trap 0xfffff8800a3f6600) NOTE: The trap frame does not contain all registers. Some register values may be zeroed or incorrect. rax=fffff8a000c27840 rbx=0000000000000000 rcx=00000000000018a1 rdx=fffff88002f00000 rsi=0000000000000000 rdi=0000000000000000 rip=fffff88060bcacf2 rsp=fffff8800a3f6790 rbp=fffff8a007e32f80 r8=000000000000c508 r9=0000000000000050 r10=fffff80002a06000 r11=00000000000004ed r12=0000000000000000 r13=0000000000000000 r14=0000000000000000 r15=0000000000000000 iopl=0 nv up ei pl zr na po nc fffff880`60bcacf2 ?? ??? Resetting default scope LAST_CONTROL_TRANSFER: from fffff80002a2d3bf to fffff80002a82c40 STACK_TEXT: fffff880`0a3f6498 fffff800`02a2d3bf : 00000000`00000050 fffff880`60bcacf2 00000000`00000008 fffff880`0a3f6600 : nt!KeBugCheckEx fffff880`0a3f64a0 fffff800`02a80d6e : 00000000`00000008 fffff880`60bcacf2 00000000`00000000 00000000`00000000 : nt! ?? ::FNODOBFM::`string'+0x44791 fffff880`0a3f6600 fffff880`60bcacf2 : fffff880`0a3f6850 00000000`00000000 00000000`41746e4d 00000000`000007ff : nt!KiPageFault+0x16e fffff880`0a3f6790 fffff880`0a3f6850 : 00000000`00000000 00000000`41746e4d 00000000`000007ff fffff8a0`07e32f80 : 0xfffff880`60bcacf2 fffff880`0a3f6798 00000000`00000000 : 00000000`41746e4d 00000000`000007ff fffff8a0`07e32f80 00000000`00000032 : 0xfffff880`0a3f6850 STACK_COMMAND: kb FOLLOWUP_IP: nt! ?? ::FNODOBFM::`string'+44791 fffff800`02a2d3bf cc int 3 SYMBOL_STACK_INDEX: 1 SYMBOL_NAME: nt! ?? ::FNODOBFM::`string'+44791 FOLLOWUP_NAME: MachineOwner MODULE_NAME: nt IMAGE_NAME: ntkrnlmp.exe DEBUG_FLR_IMAGE_TIMESTAMP: 4e02aaa3 FAILURE_BUCKET_ID: X64_0x50_nt!_??_::FNODOBFM::_string_+44791 BUCKET_ID: X64_0x50_nt!_??_::FNODOBFM::_string_+44791 Followup: MachineOwner ---------
  5. Loading Dump File [C:\Users\Mike\Downloads\BSODDmpFiles\Pirazy\011612-8626-01.dmp] Mini Kernel Dump File: Only registers and stack trace are available Symbol search path is: SRV*c:\users\mike\documents\symbols*http://msdl.microsoft.com/download/symbols Executable search path is: Windows 7 Kernel Version 7601 (Service Pack 1) MP (2 procs) Free x64 Product: WinNt, suite: TerminalServer SingleUserTS Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506 Machine Name: Kernel base = 0xfffff800`02a1c000 PsLoadedModuleList = 0xfffff800`02c61670 Debug session time: Mon Jan 16 03:11:58.609 2012 (UTC - 7:00) System Uptime: 0 days 0:00:27.029 Loading Kernel Symbols ............................................................... ................................................................ ...................... Loading User Symbols Loading unloaded module list ..... ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* Use !analyze -v to get detailed debugging information. BugCheck D1, {fffff8807c9a5121, 2, 8, fffff8807c9a5121} Unable to load image \SystemRoot\system32\DRIVERS\netr28ux.sys, Win32 error 0n2 *** WARNING: Unable to verify timestamp for netr28ux.sys *** ERROR: Module load completed but symbols could not be loaded for netr28ux.sys Probably caused by : netr28ux.sys ( netr28ux+418b0 ) Followup: MachineOwner --------- 1: kd> !analyze -v ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1) An attempt was made to access a pageable (or completely invalid) address at an interrupt request level (IRQL) that is too high. This is usually caused by drivers using improper addresses. If kernel debugger is available get stack backtrace. Arguments: Arg1: fffff8807c9a5121, memory referenced Arg2: 0000000000000002, IRQL Arg3: 0000000000000008, value 0 = read operation, 1 = write operation Arg4: fffff8807c9a5121, address which referenced memory Debugging Details: ------------------ READ_ADDRESS: GetPointerFromAddress: unable to read from fffff80002ccb100 fffff8807c9a5121 CURRENT_IRQL: 2 FAULTING_IP: +3231313266306334 fffff880`7c9a5121 ?? ??? CUSTOMER_CRASH_COUNT: 1 DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT BUGCHECK_STR: 0xD1 PROCESS_NAME: System TRAP_FRAME: fffff88002f1b460 -- (.trap 0xfffff88002f1b460) NOTE: The trap frame does not contain all registers. Some register values may be zeroed or incorrect. rax=fffff8807c9a5121 rbx=0000000000000000 rcx=fffff88002665000 rdx=fffffa8005610014 rsi=0000000000000000 rdi=0000000000000000 rip=fffff8807c9a5121 rsp=fffff88002f1b5f0 rbp=0000000000000000 r8=fffff88002f1b668 r9=fffff88002f1b66c r10=fffff80002a1c000 r11=0000000000000002 r12=0000000000000000 r13=0000000000000000 r14=0000000000000000 r15=0000000000000000 iopl=0 nv up ei ng nz na po nc fffff880`7c9a5121 ?? ??? Resetting default scope LAST_CONTROL_TRANSFER: from fffff80002a981e9 to fffff80002a98c40 FAILED_INSTRUCTION_ADDRESS: +3231313266306334 fffff880`7c9a5121 ?? ??? STACK_TEXT: fffff880`02f1b318 fffff800`02a981e9 : 00000000`0000000a fffff880`7c9a5121 00000000`00000002 00000000`00000008 : nt!KeBugCheckEx fffff880`02f1b320 fffff800`02a96e60 : fffffa80`055cfe10 fffff880`06405f99 fffffa80`04730480 fffffa80`055cd9f0 : nt!KiBugCheckDispatch+0x69 fffff880`02f1b460 fffff880`7c9a5121 : fffffa80`055cd9f0 fffff880`026a68b0 00000000`000000e5 fffffa80`06768610 : nt!KiPageFault+0x260 fffff880`02f1b5f0 fffffa80`055cd9f0 : fffff880`026a68b0 00000000`000000e5 fffffa80`06768610 fffffa80`0561002c : 0xfffff880`7c9a5121 fffff880`02f1b5f8 fffff880`026a68b0 : 00000000`000000e5 fffffa80`06768610 fffffa80`0561002c fffffa80`055cd9f0 : 0xfffffa80`055cd9f0 fffff880`02f1b600 00000000`000000e5 : fffffa80`06768610 fffffa80`0561002c fffffa80`055cd9f0 00000000`00000008 : netr28ux+0x418b0 fffff880`02f1b608 fffffa80`06768610 : fffffa80`0561002c fffffa80`055cd9f0 00000000`00000008 00000000`00000004 : 0xe5 fffff880`02f1b610 fffffa80`0561002c : fffffa80`055cd9f0 00000000`00000008 00000000`00000004 fffffa80`051551b0 : 0xfffffa80`06768610 fffff880`02f1b618 fffffa80`055cd9f0 : 00000000`00000008 00000000`00000004 fffffa80`051551b0 fffff880`026a5ed3 : 0xfffffa80`0561002c fffff880`02f1b620 00000000`00000008 : 00000000`00000004 fffffa80`051551b0 fffff880`026a5ed3 fffffa80`051d1000 : 0xfffffa80`055cd9f0 fffff880`02f1b628 00000000`00000004 : fffffa80`051551b0 fffff880`026a5ed3 fffffa80`051d1000 fffffa80`05610014 : 0x8 fffff880`02f1b630 fffffa80`051551b0 : fffff880`026a5ed3 fffffa80`051d1000 fffffa80`05610014 fffff880`02f1b668 : 0x4 fffff880`02f1b638 fffff880`026a5ed3 : fffffa80`051d1000 fffffa80`05610014 fffff880`02f1b668 fffff880`02f1b66c : 0xfffffa80`051551b0 fffff880`02f1b640 fffffa80`051d1000 : fffffa80`05610014 fffff880`02f1b668 fffff880`02f1b66c fffffa80`05610014 : netr28ux+0x40ed3 fffff880`02f1b648 fffffa80`05610014 : fffff880`02f1b668 fffff880`02f1b66c fffffa80`05610014 fffff880`0266dc52 : 0xfffffa80`051d1000 fffff880`02f1b650 fffff880`02f1b668 : fffff880`02f1b66c fffffa80`05610014 fffff880`0266dc52 fffffa80`0541ba20 : 0xfffffa80`05610014 fffff880`02f1b658 fffff880`02f1b66c : fffffa80`05610014 fffff880`0266dc52 fffffa80`0541ba20 fffffa80`051db0b0 : 0xfffff880`02f1b668 fffff880`02f1b660 fffffa80`05610014 : fffff880`0266dc52 fffffa80`0541ba20 fffffa80`051db0b0 0000000c`00000c00 : 0xfffff880`02f1b66c fffff880`02f1b668 fffff880`0266dc52 : fffffa80`0541ba20 fffffa80`051db0b0 0000000c`00000c00 00000000`00000000 : 0xfffffa80`05610014 fffff880`02f1b670 fffffa80`0541ba20 : fffffa80`051db0b0 0000000c`00000c00 00000000`00000000 00000000`000000e5 : netr28ux+0x8c52 fffff880`02f1b678 fffffa80`051db0b0 : 0000000c`00000c00 00000000`00000000 00000000`000000e5 fffff880`026708e8 : 0xfffffa80`0541ba20 fffff880`02f1b680 0000000c`00000c00 : 00000000`00000000 00000000`000000e5 fffff880`026708e8 fffffa80`051d1000 : 0xfffffa80`051db0b0 fffff880`02f1b688 00000000`00000000 : 00000000`000000e5 fffff880`026708e8 fffffa80`051d1000 fffffa80`05890000 : 0xc`00000c00 STACK_COMMAND: kb FOLLOWUP_IP: netr28ux+418b0 fffff880`026a68b0 ?? ??? SYMBOL_STACK_INDEX: 5 SYMBOL_NAME: netr28ux+418b0 FOLLOWUP_NAME: MachineOwner MODULE_NAME: netr28ux IMAGE_NAME: netr28ux.sys DEBUG_FLR_IMAGE_TIMESTAMP: 49a6032d FAILURE_BUCKET_ID: X64_0xD1_CODE_AV_BAD_IP_netr28ux+418b0 BUCKET_ID: X64_0xD1_CODE_AV_BAD_IP_netr28ux+418b0 Followup: MachineOwner ---------
  6. Loading Dump File [C:\Users\Mike\Downloads\BSODDmpFiles\Pirazy\011612-3853-01.dmp] Mini Kernel Dump File: Only registers and stack trace are available Symbol search path is: SRV*c:\users\mike\documents\symbols*http://msdl.microsoft.com/download/symbols Executable search path is: Windows 7 Kernel Version 7601 (Service Pack 1) MP (2 procs) Free x64 Product: WinNt, suite: TerminalServer SingleUserTS Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506 Machine Name: Kernel base = 0xfffff800`02a4b000 PsLoadedModuleList = 0xfffff800`02c90670 Debug session time: Sun Jan 15 20:07:20.387 2012 (UTC - 7:00) System Uptime: 0 days 0:00:31.807 Loading Kernel Symbols ............................................................... ................................................................ ...................... Loading User Symbols Loading unloaded module list ..... ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* Use !analyze -v to get detailed debugging information. BugCheck D1, {0, 2, 1, fffff880014633c0} Probably caused by : NETIO.SYS ( NETIO!NsiEnumerateObjectsAllParametersEx+24f ) Followup: MachineOwner --------- 1: kd> !analyze -v ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1) An attempt was made to access a pageable (or completely invalid) address at an interrupt request level (IRQL) that is too high. This is usually caused by drivers using improper addresses. If kernel debugger is available get stack backtrace. Arguments: Arg1: 0000000000000000, memory referenced Arg2: 0000000000000002, IRQL Arg3: 0000000000000001, value 0 = read operation, 1 = write operation Arg4: fffff880014633c0, address which referenced memory Debugging Details: ------------------ WRITE_ADDRESS: GetPointerFromAddress: unable to read from fffff80002cfa100 0000000000000000 CURRENT_IRQL: 2 FAULTING_IP: ndis!ndisIfQueryObject+340 fffff880`014633c0 49890424 mov qword ptr [r12],rax CUSTOMER_CRASH_COUNT: 1 DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT BUGCHECK_STR: 0xD1 PROCESS_NAME: msnmsgr.exe TRAP_FRAME: fffff8800b34cec0 -- (.trap 0xfffff8800b34cec0) NOTE: The trap frame does not contain all registers. Some register values may be zeroed or incorrect. rax=0000000000000000 rbx=0000000000000000 rcx=0000000000000008 rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000 rip=fffff880014633c0 rsp=fffff8800b34d050 rbp=0000000000010285 r8=fffff8800145e000 r9=0000000000000000 r10=fffff8800145e000 r11=fffff880014c2758 r12=0000000000000000 r13=0000000000000000 r14=0000000000000000 r15=0000000000000000 iopl=0 nv up ei ng nz na pe nc ndis!ndisIfQueryObject+0x340: fffff880`014633c0 49890424 mov qword ptr [r12],rax ds:00000000`00000000=???????????????? Resetting default scope LAST_CONTROL_TRANSFER: from fffff80002ac71e9 to fffff80002ac7c40 STACK_TEXT: fffff880`0b34cd78 fffff800`02ac71e9 : 00000000`0000000a 00000000`00000000 00000000`00000002 00000000`00000001 : nt!KeBugCheckEx fffff880`0b34cd80 fffff800`02ac5e60 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiBugCheckDispatch+0x69 fffff880`0b34cec0 fffff880`014633c0 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiPageFault+0x260 fffff880`0b34d050 fffff880`01465593 : 00000000`00000204 00000000`0000027c 00000000`00000000 fffff800`02ad9e84 : ndis!ndisIfQueryObject+0x340 fffff880`0b34d1e0 fffff880`01465d19 : fffffa80`047531a0 fffffa80`047531a0 fffffa80`04753200 fffffa80`05b0aaf8 : ndis!ndisNsiGetInterfaceRodEnumObject+0x243 fffff880`0b34d4a0 fffff880`01554aab : 00000000`00000000 fffffa80`00000008 00000000`00000290 fffffa80`00000238 : ndis!ndisNsiEnumerateAllInterfaceInformation+0x2ea fffff880`0b34d590 fffff880`061c6e29 : fffffa80`05b09000 fffff8a0`00000070 fffffa80`065b5d00 fffff880`0b34d8d0 : NETIO!NsiEnumerateObjectsAllParametersEx+0x24f fffff880`0b34d770 fffff880`061c88e8 : fffffa80`065b5d00 fffffa80`065b5c30 00000000`00000000 fffffa80`065b5c68 : nsiproxy!NsippEnumerateObjectsAllParameters+0x305 fffff880`0b34d960 fffff880`061c89db : fffffa80`0461ec50 00000000`00000000 00000000`00000001 00000000`00000003 : nsiproxy!NsippDispatchDeviceControl+0x70 fffff880`0b34d9a0 fffff800`02de2a97 : fffffa80`04278070 fffffa80`04278070 fffffa80`065b5d48 fffffa80`065b5c30 : nsiproxy!NsippDispatch+0x4b fffff880`0b34d9d0 fffff800`02de32f6 : 00000000`099fe578 00000000`00000eac 00000000`00000001 00000000`00000000 : nt!IopXxxControlFile+0x607 fffff880`0b34db00 fffff800`02ac6ed3 : fffffa80`05afab60 00000000`099fe518 fffff880`0b34db88 00000000`00000001 : nt!NtDeviceIoControlFile+0x56 fffff880`0b34db70 00000000`75042e09 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 00000000`099fee28 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x75042e09 STACK_COMMAND: kb FOLLOWUP_IP: NETIO!NsiEnumerateObjectsAllParametersEx+24f fffff880`01554aab 8bd8 mov ebx,eax SYMBOL_STACK_INDEX: 6 SYMBOL_NAME: NETIO!NsiEnumerateObjectsAllParametersEx+24f FOLLOWUP_NAME: MachineOwner MODULE_NAME: NETIO IMAGE_NAME: NETIO.SYS DEBUG_FLR_IMAGE_TIMESTAMP: 4ce79381 FAILURE_BUCKET_ID: X64_0xD1_NETIO!NsiEnumerateObjectsAllParametersEx+24f BUCKET_ID: X64_0xD1_NETIO!NsiEnumerateObjectsAllParametersEx+24f Followup: MachineOwner ---------
  7. Loading Dump File [C:\Users\Mike\Downloads\BSODDmpFiles\Pirazy\011612-8548-01.dmp] Mini Kernel Dump File: Only registers and stack trace are available Symbol search path is: SRV*c:\users\mike\documents\symbols*http://msdl.microsoft.com/download/symbols Executable search path is: Windows 7 Kernel Version 7601 (Service Pack 1) MP (2 procs) Free x64 Product: WinNt, suite: TerminalServer SingleUserTS Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506 Machine Name: Kernel base = 0xfffff800`02a12000 PsLoadedModuleList = 0xfffff800`02c57670 Debug session time: Sun Jan 15 20:05:56.646 2012 (UTC - 7:00) System Uptime: 0 days 0:00:28.926 Loading Kernel Symbols ............................................................... ................................................................ ...................... Loading User Symbols Loading unloaded module list ..... ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* Use !analyze -v to get detailed debugging information. BugCheck D1, {100248c8d60, 2, 0, fffff8800768503a} Unable to load image \SystemRoot\system32\DRIVERS\atikmdag.sys, Win32 error 0n2 *** WARNING: Unable to verify timestamp for atikmdag.sys *** ERROR: Module load completed but symbols could not be loaded for atikmdag.sys Probably caused by : atikmdag.sys ( atikmdag+3e403a ) Followup: MachineOwner --------- 0: kd> !analyze -v ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1) An attempt was made to access a pageable (or completely invalid) address at an interrupt request level (IRQL) that is too high. This is usually caused by drivers using improper addresses. If kernel debugger is available get stack backtrace. Arguments: Arg1: 00000100248c8d60, memory referenced Arg2: 0000000000000002, IRQL Arg3: 0000000000000000, value 0 = read operation, 1 = write operation Arg4: fffff8800768503a, address which referenced memory Debugging Details: ------------------ READ_ADDRESS: GetPointerFromAddress: unable to read from fffff80002cc1100 00000100248c8d60 CURRENT_IRQL: 2 FAULTING_IP: atikmdag+3e403a fffff880`0768503a 48ff6018 jmp qword ptr [rax+18h] CUSTOMER_CRASH_COUNT: 1 DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT BUGCHECK_STR: 0xD1 PROCESS_NAME: System TRAP_FRAME: fffff88006f3c240 -- (.trap 0xfffff88006f3c240) NOTE: The trap frame does not contain all registers. Some register values may be zeroed or incorrect. rax=00000100248c8d48 rbx=0000000000000000 rcx=fffff80002a914da rdx=fffffa8005150270 rsi=0000000000000000 rdi=0000000000000000 rip=fffff8800768503a rsp=fffff88006f3c3d0 rbp=fffffa800597a980 r8=fffffa800597a980 r9=0000000000000242 r10=0000024200000c40 r11=0000000000000000 r12=0000000000000000 r13=0000000000000000 r14=0000000000000000 r15=0000000000000000 iopl=0 nv up ei ng nz na pe nc atikmdag+0x3e403a: fffff880`0768503a 48ff6018 jmp qword ptr [rax+18h] ds:00000100`248c8d60=???????????????? Resetting default scope LAST_CONTROL_TRANSFER: from fffff80002a8e1e9 to fffff80002a8ec40 STACK_TEXT: fffff880`06f3c0f8 fffff800`02a8e1e9 : 00000000`0000000a 00000100`248c8d60 00000000`00000002 00000000`00000000 : nt!KeBugCheckEx fffff880`06f3c100 fffff800`02a8ce60 : fffffa80`0597a980 fffff880`06f3c7f0 fffffa80`03c8ee40 fffffa80`05150000 : nt!KiBugCheckDispatch+0x69 fffff880`06f3c240 fffff880`0768503a : fffff880`07688d09 fffff880`0768a1fa fffffa80`05150000 fffffa80`05150000 : nt!KiPageFault+0x260 fffff880`06f3c3d0 fffff880`07688d09 : fffff880`0768a1fa fffffa80`05150000 fffffa80`05150000 fffffa80`0597a980 : atikmdag+0x3e403a fffff880`06f3c3d8 fffff880`0768a1fa : fffffa80`05150000 fffffa80`05150000 fffffa80`0597a980 fffffa80`051501a0 : atikmdag+0x3e7d09 fffff880`06f3c3e0 fffffa80`05150000 : fffffa80`05150000 fffffa80`0597a980 fffffa80`051501a0 fffff880`06f3c500 : atikmdag+0x3e91fa fffff880`06f3c3e8 fffffa80`05150000 : fffffa80`0597a980 fffffa80`051501a0 fffff880`06f3c500 fffffa80`0597a980 : 0xfffffa80`05150000 fffff880`06f3c3f0 fffffa80`0597a980 : fffffa80`051501a0 fffff880`06f3c500 fffffa80`0597a980 fffff880`047e8000 : 0xfffffa80`05150000 fffff880`06f3c3f8 fffffa80`051501a0 : fffff880`06f3c500 fffffa80`0597a980 fffff880`047e8000 fffff880`076a6460 : 0xfffffa80`0597a980 fffff880`06f3c400 fffff880`06f3c500 : fffffa80`0597a980 fffff880`047e8000 fffff880`076a6460 00000000`00000000 : 0xfffffa80`051501a0 fffff880`06f3c408 fffffa80`0597a980 : fffff880`047e8000 fffff880`076a6460 00000000`00000000 00000000`00000000 : 0xfffff880`06f3c500 fffff880`06f3c410 fffff880`047e8000 : fffff880`076a6460 00000000`00000000 00000000`00000000 fffffa80`05150000 : 0xfffffa80`0597a980 fffff880`06f3c418 fffff880`076a6460 : 00000000`00000000 00000000`00000000 fffffa80`05150000 fffffa80`05150020 : 0xfffff880`047e8000 fffff880`06f3c420 00000000`00000000 : 00000000`00000000 fffffa80`05150000 fffffa80`05150020 fffff880`06f3c7f0 : atikmdag+0x405460 STACK_COMMAND: kb FOLLOWUP_IP: atikmdag+3e403a fffff880`0768503a 48ff6018 jmp qword ptr [rax+18h] SYMBOL_STACK_INDEX: 3 SYMBOL_NAME: atikmdag+3e403a FOLLOWUP_NAME: MachineOwner MODULE_NAME: atikmdag IMAGE_NAME: atikmdag.sys DEBUG_FLR_IMAGE_TIMESTAMP: 4ebb3c7e FAILURE_BUCKET_ID: X64_0xD1_atikmdag+3e403a BUCKET_ID: X64_0xD1_atikmdag+3e403a Followup: MachineOwner ---------
  1. Possible causes are Memory problems... Viruses... Corrupted hard disk system files... Corrupted System Files... Lack of Windows updates... Drivers...
  2. Possible causes are Memory problems... Corrupted hard disk system files... Corrupted System Files... Graphics Driver...
  3. Possible causes are Memory problems... Graphics card memory problems... CMOS... Corrupted hard disk system files... Corrupted System Files... Missing Windows Updates... Drivers...
  4. Seems most likely to be caused by your antivirus software, ESET. Other possible causes are Memory problems... Graphics card memory problems... CMOS... Corrupted hard disk system files... Corrupted System Files... Missing Windows Updates... Drivers...
  5. Caused by netr28ux.sys, which is your Ralink RT2870 series USB802.11n Wireless Adapter Driver (you may have a different manufacturer). Could be due to ESET preventing the driver from working properly.
  6. NETIO.SYS is typically blamed when a network driver is corrupt or antivirus software interferes with the network adapter. Could be ESET again.
  7. This was due to your graphics card driver.
Thanks to Dave76 for help understanding possible causes.

Start with the problem that occurs the most; your antivirus software being to blame or possibly to blame in at least three instances.
My System SpecsSystem Spec
22 Jan 2012   #3

Windows 7 Professional 64
 
 

So, first boot of the day, and it went flawless, guess that rules out all the other stuff you listed, writhziden. I really appreciate your help though.

Last night I pulled out the tp-cable and plugged in the usb-dongle again, afterwards I went into BIOS and disabled the integrated network card before shutting down for the night. Can't be old network card drivers, I updated that just one week ago when I got the first BSOD, is it triggered by some kind of conflict between my wired and wireless connections?

Would appreciate some thoughts on that before I do something drastic, like getting rid of the antivirus software which I've already paid a 1-year license for. I'll dig up an old USB-memory tomorrow and run some memtest later, just to be sure. I think I've already done a scan of the systemfiles using chkdsk and nothing corrupted was found, same with the harddrives, no problems there according to Intel SSD Toolbox. I may also try completely uninstalling the dongle and go back to wired just to make sure they're the ones interfering with each other..
My System SpecsSystem Spec
.


22 Jan 2012   #4

Windows 7 Home Premium 64 Bit
 
 

It could be a conflict between drivers, but since ESET was blamed in one of the crashes, it is possible that ESET is causing the conflict between those drivers. ESET is normally a good piece of software, but it has been known to cause conflicts on some systems. If disabling the wired connection works, then I would use that as a workaround solution if you are set against getting rid of ESET.

Just an fyi: I do not know what the ESET policy is, but some antivirus software companies will refund the remaining money for the remaining time of the license if you are no longer going to use the product due to a conflict with your system. You could also see if they are willing to do troubleshooting steps to determine why their software caused the crash.


Edit: Also, you said you updated your network adapter drivers. What steps did you follow to do so? Sometimes it is necessary to uninstall the old driver completely before installing the new one.
My System SpecsSystem Spec
22 Jan 2012   #5

Windows 7 Professional 64
 
 

Well, I guess I could try uninstalling ESET and go back to having both wired and wireless activated at the same time and see what happends, if I'm not seeing any more BSODs then that should isolate ESET as the cause. And I can always reinstall it and continue with one of the connections disabled.

As for the network driver, I just used 'update driver' in the device manager. I knew gfx-drivers are picky and may have to be completely uninstalled before installing new ones but didn't know it also applied to other devices. And it's certainly a first for me that drivers are causing rampant BSODs. Oh well, tomorrow I'll run a couple of passes of memtest and do complete reinstalls of the network devices, with freshly downloaded drivers.

I guess it'll take quite a while to fix this, seeing as the easiest way to repeat the conditions and make certain they occur are to leave the computer off for a few hours, preferrably over night.
My System SpecsSystem Spec
22 Jan 2012   #6

Windows 7 Home Premium 64 Bit
 
 

Quote   Quote: Originally Posted by Pirazy View Post
Well, I guess I could try uninstalling ESET and go back to having both wired and wireless activated at the same time and see what happends, if I'm not seeing any more BSODs then that should isolate ESET as the cause. And I can always reinstall it and continue with one of the connections disabled.

As for the network driver, I just used 'update driver' in the device manager. I knew gfx-drivers are picky and may have to be completely uninstalled before installing new ones but didn't know it also applied to other devices. And it's certainly a first for me that drivers are causing rampant BSODs. Oh well, tomorrow I'll run a couple of passes of memtest and do complete reinstalls of the network devices, with freshly downloaded drivers.

I guess it'll take quite a while to fix this, seeing as the easiest way to repeat the conditions and make certain they occur are to leave the computer off for a few hours, preferrably over night.
Good troubleshooting thoughts for ESET and the network devices. In regards to the network adapter drivers, my wireless driver is very hard to update at times, and I have had to uninstall and then install the latest afterward. Helped someone earlier today having the same trouble getting the wireless card to update; Windows kept saying that it was already at the latest even though it was not.

However long it takes is fine as long as it does not interfere with your ability to do your normal routine. We will be here to help through the process for as long as it takes. Keep us posted on your steps and the results, and also the result of the Memtests.

Due to all the components and software within a computer, the best we can do is help users to narrow down causes by eliminating possibilities one at a time. Appreciate your willingness to follow the troubleshooting steps to rule out causes.
My System SpecsSystem Spec
24 Jan 2012   #7

Windows 7 Professional 64
 
 

Another day, another BSOD.

Uninstalled both devices yesterday, rebooted and updated their drivers to the most recent ones (couldn't do a fresh install with the new driver from the start because Windows 7 insisted on installing them straight away using old drivers without asking permission).

When booting up today I got a BSOD, although this time Windows 7 froze on the second boot when loading windows, during the animated logo, so the next boot windows performed tests and tried to repair various system files. Either it didn't find anything or it just couldn't repair what was broken because it only suggested a system restore, seeing as it didn't seem to think it was important to tell me when the last system restore point was made I skipped it.

I'll uninstall ESET later tonight and we'll see what happends tomorrow when I try another fresh boot.

EDIT: Can it be an IRQ-conflict? I had a look at the IRQ lists and I was surprised at how many devices shared an adress..



This can't be right, can it? There's like two-three devices sharing one adress in several instances, one of them being what I believe is the integrated audio which I've disabled in BIOS, that shouldn't even show up on this list, right? Or am I reading it wrong? This is practically chaos, shouldn't windows sound the alarm if I have this many conflicts?
My System SpecsSystem Spec
24 Jan 2012   #8

Windows 7 Home Premium 64 Bit
 
 

Quote   Quote: Originally Posted by Pirazy View Post
Another day, another BSOD.

Uninstalled both devices yesterday, rebooted and updated their drivers to the most recent ones (couldn't do a fresh install with the new driver from the start because Windows 7 insisted on installing them straight away using old drivers without asking permission).

I'll uninstall ESET later tonight and we'll see what happends tomorrow when I try another fresh boot.

EDIT: Can it be an IRQ-conflict? I had a look at the IRQ lists and I was surprised at how many devices shared an adress..



This can't be right, can it? There's like two-three devices sharing one adress in several instances, one of them being what I believe is the integrated audio which I've disabled in BIOS, that shouldn't even show up on this list, right? Or am I reading it wrong? This is practically chaos, shouldn't windows sound the alarm if I have this many conflicts?
That is fine that Windows installed the driver automatically. If you wanted to prevent that, you would need to find all versions of the driver on your machine and change the name to *.sys.bak where * is the name of the driver. I do not think it is necessary to do so at this time.

It is also pretty standard procedure for those addresses to be shared. My computer has seven shared devices on 16, three on 17, three on 18, and six on 19. HD Audio is not the same as the integrated audio. It is usually a subset of another device, and it is most often part of the display card. To find out what device yours is a part of, check the hardware IDs through device manager: start menu -> right click computer/my computer -> manage -> device manager (from the list on the left) -> expand sound, video, and game controllers -> right click the hd audio device -> details tab -> change property to hardware ids. Search for the id online to determine what it is part of, or check through your devices using the same procedure to determine each device's hardware id.

Quote   Quote: Originally Posted by Pirazy View Post
When booting up today I got a BSOD, although this time Windows 7 froze on the second boot when loading windows, during the animated logo, so the next boot windows performed tests and tried to repair various system files. Either it didn't find anything or it just couldn't repair what was broken because it only suggested a system restore, seeing as it didn't seem to think it was important to tell me when the last system restore point was made I skipped it.
You may have to run the Startup Repair up to three times to fully repair the startup process. See Startup Repair - Run 3 Separate Times for further reading on the subject.
My System SpecsSystem Spec
25 Jan 2012   #9

Windows 7 Professional 64
 
 

Great news everyone!

Uninstalled ESET last night before going to bed, currently running wired with the dongle unplugged but still installed and I got a perfect boot. I'll leave things as is to see if it'll boot again tomorrow, after that I'll reinstall ESET and see if it'll bring back the BSODs.

Thanks for your help writhziden, looks like this one is about to work itself out.. unless I just jinxed it.
My System SpecsSystem Spec
25 Jan 2012   #10

Windows 7 Home Premium 64 Bit
 
 

That is great news, though I'm sorry to hear it might be ESET. Hopefully they'll help you troubleshoot their program if you confirm that it is their program.
My System SpecsSystem Spec
Reply

 BSOD on first boot ntoskrnl.exe




Thread Tools



Similar help and support threads for2: BSOD on first boot ntoskrnl.exe
Thread Forum
BSOD on boot, ntoskrnl.exe BSOD Help and Support
omg just about every boot up ntoskrnl.exe bsod BSOD Help and Support
BSOD on first boot then okay! (NTOSKRNL.exe) BSOD Help and Support
Solved BSOD every boot - PAGE_FAULT_IN_NONPAGED_AREA (ntoskrnl.exe) BSOD Help and Support
Solved BSOD's on cold boot, ntoskrnl.exe, ntfs.sys BSOD Help and Support
BSOD on every second or third boot (ntoskrnl.exe) BSOD Help and Support
BSOD pointing to ntoskrnl.exe - Major Slow boot up now!! BSOD Help and Support

Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 12:46 PM.
Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App
  

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33