Problem Devices:
Code:
Deskjet 3000 J310 series ROOT\MULTIFUNCTION\0000 This device is disabled.
Realtek PCIe FE Family Controller PCI\VEN_10EC&DEV_8136&SUBSYS_2AB1103C&REV_05\4&C011167&0&0050 This device is disabled.
802.11n Wireless LAN Card PCI\VEN_1814&DEV_3090&SUBSYS_663211AD&REV_00\4&125A0B80&0&0028 This device is disabled.
Security Software (just to check that you have it and it is working properly; Nothing needs to be done about this at this time):
Code:
almon.exe c:\program files (x86)\sophos\autoupdate\almon.exe 1832 8 200 1380 4/5/2012 6:34 PM 3.33.91.244 429.23 KB (439,536 bytes) 9/21/2010 11:16 AM
alsvc.exe c:\program files (x86)\sophos\autoupdate\alsvc.exe 2364 8 200 1380 4/5/2012 6:34 PM 3.13.31.244 225.23 KB (230,640 bytes) 9/21/2010 11:16 AM
savadminservice.exe c:\program files (x86)\sophos\sophos anti-virus\savadminservice.exe 2312 8 200 1380 4/5/2012 6:34 PM 9.5.4.9570 159.23 KB (163,056 bytes) 10/8/2010 10:15 AM
savservice.exe c:\program files (x86)\sophos\sophos anti-virus\savservice.exe 1200 8 200 1380 4/5/2012 6:34 PM 9.5.0.9530 95.23 KB (97,520 bytes) 6/4/2010 6:23 AM
swi_service.exe c:\program files (x86)\sophos\sophos anti-virus\web intelligence\swi_service.exe 2512 8 200 1380 4/5/2012 6:34 PM 1.1.3.0 1.47 MB (1,543,704 bytes) 2/21/2012 5:48 AM
Possible out of date drivers:
Code:
LVPr2Mon fffff880`06984000 fffff880`0698e000 Tue Feb 06 17:59:37 2007 (45c92479) 00017670 LVPr2Mon.sys
uxpatch fffff880`043e3000 fffff880`043ed000 Sun Jul 12 23:09:18 2009 (4a5ac17e) 00013f48 uxpatch.sys
LVPr2Mon.sys
uxpatch.sys
The above are probably not issues...
Code:
-
Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [D:\Kingston\BSODDmpFiles\ewrnyc\crash_info\Windows_NT6_BSOD_jcgriff2\040512-19858-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*C:\SymCache*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 7601.17727.amd64fre.win7sp1_gdr.111118-2330
Machine Name:
Kernel base = 0xfffff800`03a19000 PsLoadedModuleList = 0xfffff800`03c5d650
Debug session time: Thu Apr 5 16:31:46.554 2012 (UTC - 6:00)
System Uptime: 0 days 0:11:44.771
Loading Kernel Symbols
...............................................................
................................................................
....................
Loading User Symbols
Loading unloaded module list
.........
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 1E, {ffffffffc0000005, fffff80003a9849d, 0, ffffffffffffffff}
Probably caused by : ntkrnlmp.exe ( nt!KeWaitForMultipleObjects+425 )
Followup: MachineOwner
---------
3: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
KMODE_EXCEPTION_NOT_HANDLED (1e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Arguments:
Arg1: ffffffffc0000005, The exception code that was not handled
Arg2: fffff80003a9849d, The address that the exception occurred at
Arg3: 0000000000000000, Parameter 0 of the exception
Arg4: ffffffffffffffff, Parameter 1 of the exception
Debugging Details:
------------------
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
FAULTING_IP:
nt!KeWaitForMultipleObjects+425
fffff800`03a9849d c3 ret
EXCEPTION_PARAMETER1: 0000000000000000
EXCEPTION_PARAMETER2: ffffffffffffffff
READ_ADDRESS: GetPointerFromAddress: unable to read from fffff80003cc7100
ffffffffffffffff
ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
BUGCHECK_STR: 0x1E_c0000005
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
PROCESS_NAME: QuickCam10.exe
CURRENT_IRQL: 0
LAST_CONTROL_TRANSFER: from fffff80003ae0a08 to fffff80003a95d40
STACK_TEXT:
fffff880`08b9aa68 fffff800`03ae0a08 : 00000000`0000001e ffffffff`c0000005 fffff800`03a9849d 00000000`00000000 : nt!KeBugCheckEx
fffff880`08b9aa70 fffff800`03a953c2 : fffff880`08b9b248 00000000`00000001 fffff880`08b9b2f0 00000000`00000001 : nt! ?? ::FNODOBFM::`string'+0x48d2d
fffff880`08b9b110 fffff800`03a93cca : fffff800`03a9fcb5 fffff880`009eb180 fffff880`08b9b720 fffff880`08b9b380 : nt!KiExceptionDispatch+0xc2
fffff880`08b9b2f0 fffff800`03a9849d : fffbf800`03d8b4bf fffff880`00000001 fffff880`08b9b520 00000000`00000001 : nt!KiGeneralProtectionFault+0x10a
fffff880`08b9b488 fffbf800`03d8b4bf : fffff880`00000001 fffff880`08b9b520 00000000`00000001 fffff880`00000006 : nt!KeWaitForMultipleObjects+0x425
fffff880`08b9b490 fffff880`00000001 : fffff880`08b9b520 00000000`00000001 fffff880`00000006 fffffa80`072af301 : 0xfffbf800`03d8b4bf
fffff880`08b9b498 fffff880`08b9b520 : 00000000`00000001 fffff880`00000006 fffffa80`072af301 fffff800`04010700 : 0xfffff880`00000001
fffff880`08b9b4a0 00000000`00000001 : fffff880`00000006 fffffa80`072af301 fffff800`04010700 fffff880`08b9b998 : 0xfffff880`08b9b520
fffff880`08b9b4a8 fffff880`00000006 : fffffa80`072af301 fffff800`04010700 fffff880`08b9b998 fffffa80`03b87768 : 0x1
fffff880`08b9b4b0 fffffa80`072af301 : fffff800`04010700 fffff880`08b9b998 fffffa80`03b87768 00000000`00000000 : 0xfffff880`00000006
fffff880`08b9b4b8 fffff800`04010700 : fffff880`08b9b998 fffffa80`03b87768 00000000`00000000 00000000`00000000 : 0xfffffa80`072af301
fffff880`08b9b4c0 fffffa80`03b87660 : ffffffff`fffffd80 00000000`00000001 00000000`00000000 00000000`00000000 : hal!KeQueryPerformanceCounter+0xc
fffff880`08b9b4f0 ffffffff`fffffd80 : 00000000`00000001 00000000`00000000 00000000`00000000 ffffffff`fffffb80 : 0xfffffa80`03b87660
fffff880`08b9b4f8 00000000`00000001 : 00000000`00000000 00000000`00000000 ffffffff`fffffb80 fffff880`053673f1 : 0xffffffff`fffffd80
fffff880`08b9b500 00000000`00000000 : 00000000`00000000 ffffffff`fffffb80 fffff880`053673f1 fffffa80`03a337f0 : 0x1
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!KeWaitForMultipleObjects+425
fffff800`03a9849d c3 ret
SYMBOL_STACK_INDEX: 4
SYMBOL_NAME: nt!KeWaitForMultipleObjects+425
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 4ec79dd2
FAILURE_BUCKET_ID: X64_0x1E_c0000005_nt!KeWaitForMultipleObjects+425
BUCKET_ID: X64_0x1E_c0000005_nt!KeWaitForMultipleObjects+425
Followup: MachineOwner
---------
-
Loading Dump File [D:\Kingston\BSODDmpFiles\ewrnyc\crash_info\Windows_NT6_BSOD_jcgriff2\040212-19671-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*C:\SymCache*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 7601.17727.amd64fre.win7sp1_gdr.111118-2330
Machine Name:
Kernel base = 0xfffff800`03a4a000 PsLoadedModuleList = 0xfffff800`03c8e650
Debug session time: Sun Apr 1 22:07:24.963 2012 (UTC - 6:00)
System Uptime: 0 days 0:37:44.994
Loading Kernel Symbols
...............................................................
................................................................
....................
Loading User Symbols
Loading unloaded module list
.........
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 7F, {8, 80050031, 6f8, fffff80003dcf2fa}
Probably caused by : ntkrnlmp.exe ( nt!KiDoubleFaultAbort+b2 )
Followup: MachineOwner
---------
3: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
UNEXPECTED_KERNEL_MODE_TRAP (7f)
This means a trap occurred in kernel mode, and it's a trap of a kind
that the kernel isn't allowed to have/catch (bound trap) or that
is always instant death (double fault). The first number in the
bugcheck params is the number of the trap (8 = double fault, etc)
Consult an Intel x86 family manual to learn more about what these
traps are. Here is a *portion* of those codes:
If kv shows a taskGate
use .tss on the part before the colon, then kv.
Else if kv shows a trapframe
use .trap on that value
Else
.trap on the appropriate frame will show where the trap was taken
(on x86, this will be the ebp that goes with the procedure KiTrap)
Endif
kb will then show the corrected stack.
Arguments:
Arg1: 0000000000000008, EXCEPTION_DOUBLE_FAULT
Arg2: 0000000080050031
Arg3: 00000000000006f8
Arg4: fffff80003dcf2fa
Debugging Details:
------------------
BUGCHECK_STR: 0x7f_8
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
PROCESS_NAME: CCC.exe
CURRENT_IRQL: 0
LAST_CONTROL_TRANSFER: from fffff80003ac62e9 to fffff80003ac6d40
STACK_TEXT:
fffff880`02fd9ce8 fffff800`03ac62e9 : 00000000`0000007f 00000000`00000008 00000000`80050031 00000000`000006f8 : nt!KeBugCheckEx
fffff880`02fd9cf0 fffff800`03ac47b2 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiBugCheckDispatch+0x69
fffff880`02fd9e30 fffff800`03dcf2fa : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiDoubleFaultAbort+0xb2
7ffffc40`04463418 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!ExpQuerySystemInformation+0xb48
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!KiDoubleFaultAbort+b2
fffff800`03ac47b2 90 nop
SYMBOL_STACK_INDEX: 2
SYMBOL_NAME: nt!KiDoubleFaultAbort+b2
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 4ec79dd2
FAILURE_BUCKET_ID: X64_0x7f_8_nt!KiDoubleFaultAbort+b2
BUCKET_ID: X64_0x7f_8_nt!KiDoubleFaultAbort+b2
Followup: MachineOwner
---------
-
Loading Dump File [D:\Kingston\BSODDmpFiles\ewrnyc\crash_info\Windows_NT6_BSOD_jcgriff2\031512-24460-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*C:\SymCache*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 7601.17727.amd64fre.win7sp1_gdr.111118-2330
Machine Name:
Kernel base = 0xfffff800`03019000 PsLoadedModuleList = 0xfffff800`0325d650
Debug session time: Thu Mar 15 20:35:18.212 2012 (UTC - 6:00)
System Uptime: 0 days 0:03:24.570
Loading Kernel Symbols
...............................................................
................................................................
..................
Loading User Symbols
Loading unloaded module list
........
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 24, {1904fb, fffff8800318c6b8, fffff8800318bf10, fffff80003070a82}
Probably caused by : Ntfs.sys ( Ntfs!NtfsDeleteFcb+179 )
Followup: MachineOwner
---------
2: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
NTFS_FILE_SYSTEM (24)
If you see NtfsExceptionFilter on the stack then the 2nd and 3rd
parameters are the exception record and context record. Do a .cxr
on the 3rd parameter and then kb to obtain a more informative stack
trace.
Arguments:
Arg1: 00000000001904fb
Arg2: fffff8800318c6b8
Arg3: fffff8800318bf10
Arg4: fffff80003070a82
Debugging Details:
------------------
EXCEPTION_RECORD: fffff8800318c6b8 -- (.exr 0xfffff8800318c6b8)
ExceptionAddress: fffff80003070a82 (nt!DeleteNodeFromTree+0x000000000000014e)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 0000000000000000
Parameter[1]: ffffffffffffffff
Attempt to read from address ffffffffffffffff
CONTEXT: fffff8800318bf10 -- (.cxr 0xfffff8800318bf10)
rax=fffff8a002ef77e0 rbx=fffff8a003236a70 rcx=0004000000000000
rdx=fffff8a003236aff rsi=fffffa8003948c10 rdi=fffff8a003236a70
rip=fffff80003070a82 rsp=fffff8800318c8f0 rbp=fffffa80043ca640
r8=000000000002a577 r9=0000ffffffffffff r10=fffff88002f641e0
r11=fffffa8003948c10 r12=0000000000000001 r13=fffffa80043ca180
r14=fffff8800318c9ff r15=0000000000000000
iopl=0 nv up ei pl zr na po nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010246
nt!DeleteNodeFromTree+0x14e:
fffff800`03070a82 488901 mov qword ptr [rcx],rax ds:002b:00040000`00000000=????????????????
Resetting default scope
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
PROCESS_NAME: System
CURRENT_IRQL: 0
ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
EXCEPTION_PARAMETER1: 0000000000000000
EXCEPTION_PARAMETER2: ffffffffffffffff
READ_ADDRESS: GetPointerFromAddress: unable to read from fffff800032c7100
ffffffffffffffff
FOLLOWUP_IP:
Ntfs!NtfsDeleteFcb+179
fffff880`012adf89 4c8b1b mov r11,qword ptr [rbx]
FAULTING_IP:
nt!DeleteNodeFromTree+14e
fffff800`03070a82 488901 mov qword ptr [rcx],rax
BUGCHECK_STR: 0x24
LAST_CONTROL_TRANSFER: from fffff80003070b0d to fffff80003070a82
STACK_TEXT:
fffff880`0318c8f0 fffff800`03070b0d : fffffa80`043ca640 fffff800`03235260 fffffa80`03948c10 fffff800`03235260 : nt!DeleteNodeFromTree+0x14e
fffff880`0318c930 fffff880`012adf89 : fffff880`0318c9f0 fffff800`03235260 fffff8a0`03236a70 fffffa80`0396a8f0 : nt!RtlDeleteElementGenericTableAvl+0x39
fffff880`0318c960 fffff880`0122a972 : fffff800`03235260 fffff880`0318cb01 fffff880`0318c9e1 fffff8a0`02f05b40 : Ntfs!NtfsDeleteFcb+0x179
fffff880`0318c9c0 fffff880`012b063c : fffffa80`0396a8f0 fffffa80`043ca180 fffff8a0`02f05b40 fffff8a0`02f05ed8 : Ntfs!NtfsTeardownFromLcb+0x1e2
fffff880`0318ca50 fffff880`012320e2 : fffffa80`0396a8f0 fffffa80`0396a8f0 fffff8a0`02f05b40 00000000`00000000 : Ntfs!NtfsTeardownStructures+0xcc
fffff880`0318cad0 fffff880`012c0193 : fffffa80`0396a8f0 fffff800`03235260 fffff8a0`02f05b40 00000000`00000009 : Ntfs!NtfsDecrementCloseCounts+0xa2
fffff880`0318cb10 fffff880`012af357 : fffffa80`0396a8f0 fffff8a0`02f05c70 fffff8a0`02f05b40 fffffa80`043ca180 : Ntfs!NtfsCommonClose+0x353
fffff880`0318cbe0 fffff800`0309f471 : 00000000`00000000 fffff800`0338b700 fffffa80`037d1001 fffffa80`00000002 : Ntfs!NtfsFspClose+0x15f
fffff880`0318ccb0 fffff800`0332ff7a : 00000000`00000000 fffffa80`037d1040 00000000`00000080 fffffa80`036ea040 : nt!ExpWorkerThread+0x111
fffff880`0318cd40 fffff800`030869c6 : fffff880`02f63180 fffffa80`037d1040 fffff880`02f6dfc0 00000000`00000000 : nt!PspSystemThreadStartup+0x5a
fffff880`0318cd80 00000000`00000000 : fffff880`0318d000 fffff880`03187000 fffff880`0318c9e0 00000000`00000000 : nt!KxStartSystemThread+0x16
SYMBOL_STACK_INDEX: 2
SYMBOL_NAME: Ntfs!NtfsDeleteFcb+179
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: Ntfs
IMAGE_NAME: Ntfs.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 4d79997b
STACK_COMMAND: .cxr 0xfffff8800318bf10 ; kb
FAILURE_BUCKET_ID: X64_0x24_Ntfs!NtfsDeleteFcb+179
BUCKET_ID: X64_0x24_Ntfs!NtfsDeleteFcb+179
Followup: MachineOwner
---------
- Possible causes are Memory problems... Viruses... Corrupted hard disk file system... Corrupted System Files... Lack of Windows updates... Drivers...
- Possible causes are Memory problems... Hardware... Lack of Windows updates... Drivers... Antivirus Software... Firewall Software...
- Possible causes are Memory problems... Corrupted hard disk file system... Drivers... corrupted SCSI or IDE Drivers...
First thing to do is check for data corruption.
- If you are overclocking any hardware, please stop.
- Run Disk Check with both boxes checked for all HDDs and with Automatically fix file system errors checked for all SSDs. Post back your logs for the checks after finding them using Check Disk (chkdsk) - Read Event Viewer Log.
For any drives that do not give the message:
Windows has checked the file system and found no problems
run disk check again as above. In other words, if it says:
Windows has made corrections to the file system
after running the disk check, run the disk check again.
- Run SFC /SCANNOW Command - System File Checker up to three times to fix all errors with a restart in between each. Post back if it continues to show errors after a fourth run or if the first run comes back with no integrity violations.
The next step should be to check all hardware thoroughly.
You may also want to re-seat all hardware (remove it completely from the motherboard and then gently but firmly place it back in the board) using the above ESD safety steps.