Code:
-
Loading Dump File [C:\Users\Mike\Downloads\BSODDmpFiles\PoisonedFire\Windows_NT6_BSOD_jcgriff2\123111-43992-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\users\mike\documents\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (8 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506
Machine Name:
Kernel base = 0xfffff800`02e68000 PsLoadedModuleList = 0xfffff800`030ad670
Debug session time: Sat Dec 31 07:32:11.208 2011 (UTC - 7:00)
System Uptime: 0 days 0:08:36.114
Loading Kernel Symbols
...............................................................
................................................................
.....................................................
Loading User Symbols
Loading unloaded module list
....
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 50, {fffff88006b2b828, 0, fffff80002eff510, 0}
Unable to load image \SystemRoot\System32\win32k.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for win32k.sys
*** ERROR: Module load completed but symbols could not be loaded for win32k.sys
Could not read faulting driver name
Probably caused by : win32k.sys ( win32k+cc636 )
Followup: MachineOwner
---------
0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
PAGE_FAULT_IN_NONPAGED_AREA (50)
Invalid system memory was referenced. This cannot be protected by try-except,
it must be protected by a Probe. Typically the address is just plain bad or it
is pointing at freed memory.
Arguments:
Arg1: fffff88006b2b828, memory referenced.
Arg2: 0000000000000000, value 0 = read operation, 1 = write operation.
Arg3: fffff80002eff510, If non-zero, the instruction address which referenced the bad memory
address.
Arg4: 0000000000000000, (reserved)
Debugging Details:
------------------
Could not read faulting driver name
READ_ADDRESS: GetPointerFromAddress: unable to read from fffff80003117100
fffff88006b2b828
FAULTING_IP:
nt!PsGetCurrentThreadWin32Thread+10
fffff800`02eff510 c3 ret
MM_INTERNAL_CODE: 0
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0x50
PROCESS_NAME: explorer.exe
CURRENT_IRQL: 0
TRAP_FRAME: fffff88007b2b690 -- (.trap 0xfffff88007b2b690)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=fffff900c07fd010 rbx=0000000000000000 rcx=00000000000203b4
rdx=fffff900c0864701 rsi=0000000000000000 rdi=0000000000000000
rip=fffff80002eff510 rsp=fffff88007b2b828 rbp=fffff900c0872560
r8=fffff900c0580a70 r9=0000000000000012 r10=0000000000000000
r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei ng nz na po nc
nt!PsGetCurrentThreadWin32Thread+0x10:
fffff800`02eff510 c3 ret
Resetting default scope
LAST_CONTROL_TRANSFER: from fffff80002e909fc to fffff80002ee4c40
STACK_TEXT:
fffff880`07b2b528 fffff800`02e909fc : 00000000`00000050 fffff880`06b2b828 00000000`00000000 fffff880`07b2b690 : nt!KeBugCheckEx
fffff880`07b2b530 fffff800`02ee2d6e : 00000000`00000000 fffff880`06b2b828 00000000`00000000 fffff900`c2595310 : nt! ?? ::FNODOBFM::`string'+0x4611f
fffff880`07b2b690 fffff800`02eff510 : fffff960`000cc636 fffff900`c2595010 00000000`00000000 00000000`ffeb1d38 : nt!KiPageFault+0x16e
fffff880`07b2b828 fffff960`000cc636 : fffff900`c2595010 00000000`00000000 00000000`ffeb1d38 00000000`00000000 : nt!PsGetCurrentThreadWin32Thread+0x10
fffff880`07b2b830 fffff900`c2595010 : 00000000`00000000 00000000`ffeb1d38 00000000`00000000 fffff900`c2595410 : win32k+0xcc636
fffff880`07b2b838 00000000`00000000 : 00000000`ffeb1d38 00000000`00000000 fffff900`c2595410 fffff960`000759c1 : 0xfffff900`c2595010
STACK_COMMAND: kb
FOLLOWUP_IP:
win32k+cc636
fffff960`000cc636 ?? ???
SYMBOL_STACK_INDEX: 4
SYMBOL_NAME: win32k+cc636
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: win32k
IMAGE_NAME: win32k.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 4ecdcd5b
FAILURE_BUCKET_ID: X64_0x50_win32k+cc636
BUCKET_ID: X64_0x50_win32k+cc636
Followup: MachineOwner
---------
-
Loading Dump File [C:\Users\Mike\Downloads\BSODDmpFiles\PoisonedFire\Windows_NT6_BSOD_jcgriff2\123111-42307-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\users\mike\documents\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (8 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506
Machine Name:
Kernel base = 0xfffff800`02e67000 PsLoadedModuleList = 0xfffff800`030ac670
Debug session time: Sat Dec 31 07:40:31.300 2011 (UTC - 7:00)
System Uptime: 0 days 0:05:27.206
Loading Kernel Symbols
...............................................................
................................................................
.....................................................
Loading User Symbols
Loading unloaded module list
...
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 3B, {c0000005, fffff9600009729b, fffff8800e5d3d30, 0}
Probably caused by : win32k.sys ( win32k+8729b )
Followup: MachineOwner
---------
0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
SYSTEM_SERVICE_EXCEPTION (3b)
An exception happened while executing a system service routine.
Arguments:
Arg1: 00000000c0000005, Exception code that caused the bugcheck
Arg2: fffff9600009729b, Address of the instruction which caused the bugcheck
Arg3: fffff8800e5d3d30, Address of the context record for the exception that caused the bugcheck
Arg4: 0000000000000000, zero.
Debugging Details:
------------------
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
FAULTING_IP:
win32k+8729b
fffff960`0009729b 48897008 mov qword ptr [rax+8],rsi
CONTEXT: fffff8800e5d3d30 -- (.cxr 0xfffff8800e5d3d30)
rax=00000007000008e6 rbx=fffff900c2212b70 rcx=fffffa80077b2630
rdx=fffff900c2d61c50 rsi=fffff900c2212b50 rdi=fffff960000972d0
rip=fffff9600009729b rsp=fffff8800e5d4710 rbp=0000000000000001
r8=fffff960000972d0 r9=fffff8800d29e440 r10=fffff8800d29dcc8
r11=fffff900c2d61c20 r12=fffff900c3e00000 r13=0000000000000044
r14=000000000000028f r15=0000000000000000
iopl=0 nv up ei ng nz ac po nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010296
win32k+0x8729b:
fffff960`0009729b 48897008 mov qword ptr [rax+8],rsi ds:002b:00000007`000008ee=????????????????
Resetting default scope
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0x3B
PROCESS_NAME: PPStream.exe
CURRENT_IRQL: 0
LAST_CONTROL_TRANSFER: from 0000000000000000 to fffff9600009729b
STACK_TEXT:
fffff880`0e5d4710 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : win32k+0x8729b
FOLLOWUP_IP:
win32k+8729b
fffff960`0009729b 48897008 mov qword ptr [rax+8],rsi
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: win32k+8729b
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: win32k
IMAGE_NAME: win32k.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 4ecdcd5b
STACK_COMMAND: .cxr 0xfffff8800e5d3d30 ; kb
FAILURE_BUCKET_ID: X64_0x3B_win32k+8729b
BUCKET_ID: X64_0x3B_win32k+8729b
Followup: MachineOwner
---------
-
Loading Dump File [C:\Users\Mike\Downloads\BSODDmpFiles\PoisonedFire\Windows_NT6_BSOD_jcgriff2\123111-18704-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\users\mike\documents\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (8 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506
Machine Name:
Kernel base = 0xfffff800`02e18000 PsLoadedModuleList = 0xfffff800`0305d670
Debug session time: Sat Dec 31 08:53:56.055 2011 (UTC - 7:00)
System Uptime: 0 days 1:04:17.961
Loading Kernel Symbols
...............................................................
................................................................
....................................................
Loading User Symbols
Loading unloaded module list
.....
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 50, {fffff8801fbe6f48, 1, fffff8000323cb45, 1}
Could not read faulting driver name
Probably caused by : ntkrnlmp.exe ( nt!CmpCallCallBacks+15 )
Followup: MachineOwner
---------
0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
PAGE_FAULT_IN_NONPAGED_AREA (50)
Invalid system memory was referenced. This cannot be protected by try-except,
it must be protected by a Probe. Typically the address is just plain bad or it
is pointing at freed memory.
Arguments:
Arg1: fffff8801fbe6f48, memory referenced.
Arg2: 0000000000000001, value 0 = read operation, 1 = write operation.
Arg3: fffff8000323cb45, If non-zero, the instruction address which referenced the bad memory
address.
Arg4: 0000000000000001, (reserved)
Debugging Details:
------------------
Could not read faulting driver name
WRITE_ADDRESS: GetPointerFromAddress: unable to read from fffff800030c7100
fffff8801fbe6f48
FAULTING_IP:
nt!CmpCallCallBacks+15
fffff800`0323cb45 4154 push r12
MM_INTERNAL_CODE: 1
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0x50
PROCESS_NAME: svchost.exe
CURRENT_IRQL: 0
TRAP_FRAME: fffff88020be6dc0 -- (.trap 0xfffff88020be6dc0)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=fffff88020be6f68 rbx=0000000000000000 rcx=000000000000001d
rdx=fffff88020be6fa0 rsi=0000000000000000 rdi=0000000000000000
rip=fffff8000323cb45 rsp=fffff88020be6f50 rbp=000000000000001d
r8=0000000000000000 r9=000000000000001d r10=fffff8000300c720
r11=fffffa800d88eb60 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl zr na po nc
nt!CmpCallCallBacks+0x15:
fffff800`0323cb45 4154 push r12
Resetting default scope
LOCK_ADDRESS: fffff80003093b80 -- (!locks fffff80003093b80)
Resource @ nt!PiEngineLock (0xfffff80003093b80) Available
WARNING: SystemResourcesList->Flink chain invalid. Resource may be corrupted, or already deleted.
WARNING: SystemResourcesList->Blink chain invalid. Resource may be corrupted, or already deleted.
1 total locks
PNP_TRIAGE:
Lock address : 0xfffff80003093b80
Thread Count : 0
Thread address: 0x0000000000000000
Thread wait : 0x0
LAST_CONTROL_TRANSFER: from fffff80002e27b24 to fffff80002e94c40
STACK_TEXT:
fffff880`20be6c58 fffff800`02e27b24 : 00000000`00000050 fffff880`1fbe6f48 00000000`00000001 fffff880`20be6dc0 : nt!KeBugCheckEx
fffff880`20be6c60 fffff800`02e92d6e : 00000000`00000001 fffff880`1fbe6f48 00000000`00000000 fffff880`20be7130 : nt! ?? ::FNODOBFM::`string'+0x461e2
fffff880`20be6dc0 fffff800`0323cb45 : 00000000`00000000 fffff8a0`0fda05c0 fffff880`20be7130 fffff800`031c925a : nt!KiPageFault+0x16e
fffff880`20be6f50 fffff800`031c925a : fffff880`0000001d fffff880`20be6fa0 fffff8a0`0fda0500 00000000`0000001d : nt!CmpCallCallBacks+0x15
fffff880`20be6f70 fffff800`030f6abe : fffff880`20be7348 fffff880`20be7530 fffff8a0`00024010 fffff880`20be7460 : nt! ?? ::NNGAKEGL::`string'+0x1232b
fffff880`20be6ff0 fffff800`0318f838 : fffffa80`071541c8 fffffa80`00000000 fffffa80`07154010 fffff800`00000000 : nt! ?? ::NNGAKEGL::`string'+0x2ec86
fffff880`20be72f0 fffff800`03190a56 : ffffffff`8000318c fffffa80`07154010 fffff8a0`0f98e370 fffffa80`07016660 : nt!ObpLookupObjectName+0x588
fffff880`20be73e0 fffff800`031642bc : 00000000`00000099 00000000`00000000 00000000`00000000 00000000`00000200 : nt!ObOpenObjectByName+0x306
fffff880`20be74b0 fffff800`0316f392 : fffff880`20be78a8 00000000`00020019 fffff880`20be7800 fffff880`00000000 : nt!CmOpenKey+0x28a
fffff880`20be7600 fffff800`02e93ed3 : fffffa80`00000000 fffff8a0`043cc220 fffff880`00000200 fffff880`20be7884 : nt!NtOpenKey+0x12
fffff880`20be7640 fffff800`02e90470 : fffff800`03103e58 00000000`0000000e 00000000`00000200 00000000`00000099 : nt!KiSystemServiceCopyEnd+0x13
fffff880`20be77d8 fffff800`03103e58 : 00000000`0000000e 00000000`00000200 00000000`00000099 fffff8a0`043cc220 : nt!KiServiceLinkage
fffff880`20be77e0 fffff800`03100ab8 : 00000000`00000108 fffff8a0`043cc220 00000000`000000a3 fffff8a0`0ef7cc0c : nt!IopOpenRegistryKeyEx+0x38
fffff880`20be7840 fffff800`031012a1 : 00000000`00000002 00000000`00000000 fffff880`00000000 00000000`00000001 : nt!IopGetDeviceInterfaces+0x32c
fffff880`20be79b0 fffff800`0310056d : 00000000`00000002 00000000`00000000 00000000`00000000 fffff8a0`0b11ebc0 : nt!PiGetInterfaceDeviceList+0x41
fffff880`20be7a10 fffff800`031596dc : fffff8a0`0b11ebc0 fffff800`00008000 fffff880`20be7b01 fffff800`0335fda0 : nt!PiControlGetInterfaceDeviceList+0x111
fffff880`20be7a90 fffff800`02e93ed3 : fffffa80`0d88eb60 00000000`012ae790 fffff880`20be7b60 00000000`012ae818 : nt!NtPlugPlayControl+0x100
fffff880`20be7ae0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!CmpCallCallBacks+15
fffff800`0323cb45 4154 push r12
SYMBOL_STACK_INDEX: 3
SYMBOL_NAME: nt!CmpCallCallBacks+15
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 4e02aaa3
FAILURE_BUCKET_ID: X64_0x50_nt!CmpCallCallBacks+15
BUCKET_ID: X64_0x50_nt!CmpCallCallBacks+15
Followup: MachineOwner
---------
-
Loading Dump File [C:\Users\Mike\Downloads\BSODDmpFiles\PoisonedFire\Windows_NT6_BSOD_jcgriff2\123111-18408-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\users\mike\documents\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (8 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506
Machine Name:
Kernel base = 0xfffff800`02e65000 PsLoadedModuleList = 0xfffff800`030aa670
Debug session time: Sat Dec 31 08:57:55.054 2011 (UTC - 7:00)
System Uptime: 0 days 0:00:15.960
Loading Kernel Symbols
...............................................................
................................................................
.....
Loading User Symbols
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck D1, {fffff80003ccba60, 2, 1, fffff88007c67572}
Probably caused by : HDAudBus.sys ( HDAudBus!HDABusWmiLogETW+12 )
Followup: MachineOwner
---------
0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: fffff80003ccba60, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000001, value 0 = read operation, 1 = write operation
Arg4: fffff88007c67572, address which referenced memory
Debugging Details:
------------------
WRITE_ADDRESS: GetPointerFromAddress: unable to read from fffff80003114100
fffff80003ccba60
CURRENT_IRQL: 2
FAULTING_IP:
HDAudBus!HDABusWmiLogETW+12
fffff880`07c67572 56 push rsi
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0xD1
PROCESS_NAME: System
TRAP_FRAME: fffff80004ccb8d0 -- (.trap 0xfffff80004ccb8d0)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000000 rbx=0000000000000000 rcx=0000000000000001
rdx=0000000000000002 rsi=0000000000000000 rdi=0000000000000000
rip=fffff88007c67572 rsp=fffff80004ccba68 rbp=fffffa800a950000
r8=0000000000000004 r9=0000000000000003 r10=fffff80002e65000
r11=fffffa800a950000 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl zr na po nc
HDAudBus!HDABusWmiLogETW+0x12:
fffff880`07c67572 56 push rsi
Resetting default scope
LAST_CONTROL_TRANSFER: from fffff80002ee11e9 to fffff80002ee1c40
STACK_TEXT:
fffff800`04ccb788 fffff800`02ee11e9 : 00000000`0000000a fffff800`03ccba60 00000000`00000002 00000000`00000001 : nt!KeBugCheckEx
fffff800`04ccb790 fffff800`02edfe60 : 00000000`00000000 00000000`00001ae6 00000000`00000002 fffff800`03057e80 : nt!KiBugCheckDispatch+0x69
fffff800`04ccb8d0 fffff880`07c67572 : fffff880`07c5bd49 fffffa80`00000001 fffffa80`00000002 00000000`00000004 : nt!KiPageFault+0x260
fffff800`04ccba68 fffff880`07c5bd49 : fffffa80`00000001 fffffa80`00000002 00000000`00000004 fffff800`03057e03 : HDAudBus!HDABusWmiLogETW+0x12
fffff800`04ccba70 fffff880`07c5a5a8 : fffffa80`0a950000 80000000`00000004 00000000`00000004 00000000`00000003 : HDAudBus!HdaController::ProcessCodecTransferList+0x669
fffff800`04ccbb30 fffff800`02eed0ac : fffffa80`0a956c68 fffffa80`0a950000 00000000`00000000 00000000`00000000 : HDAudBus!HdaController::CodecDpc+0xd8
fffff800`04ccbb90 fffff800`02ed996a : fffff800`03057e80 fffff800`03065cc0 00000000`00000000 fffff880`07c5a4d0 : nt!KiRetireDpcList+0x1bc
fffff800`04ccbc40 00000000`00000000 : fffff800`04ccc000 fffff800`04cc6000 fffff800`04ccbc00 00000000`00000000 : nt!KiIdleLoop+0x5a
STACK_COMMAND: kb
FOLLOWUP_IP:
HDAudBus!HDABusWmiLogETW+12
fffff880`07c67572 56 push rsi
SYMBOL_STACK_INDEX: 3
SYMBOL_NAME: HDAudBus!HDABusWmiLogETW+12
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: HDAudBus
IMAGE_NAME: HDAudBus.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 4ce7a65e
FAILURE_BUCKET_ID: X64_0xD1_HDAudBus!HDABusWmiLogETW+12
BUCKET_ID: X64_0xD1_HDAudBus!HDABusWmiLogETW+12
Followup: MachineOwner
---------
-
Loading Dump File [C:\Users\Mike\Downloads\BSODDmpFiles\PoisonedFire\Windows_NT6_BSOD_jcgriff2\123111-18782-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\users\mike\documents\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (8 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506
Machine Name:
Kernel base = 0xfffff800`02e08000 PsLoadedModuleList = 0xfffff800`0304d670
Debug session time: Sat Dec 31 09:09:07.132 2011 (UTC - 7:00)
System Uptime: 0 days 0:01:44.927
Loading Kernel Symbols
...............................................................
................................................................
....................................................
Loading User Symbols
Loading unloaded module list
...
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck D1, {fffff7ffffb9c1b8, 2, 1, fffff8800983897e}
Unable to load image \SystemRoot\system32\DRIVERS\NETwNs64.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for NETwNs64.sys
*** ERROR: Module load completed but symbols could not be loaded for NETwNs64.sys
Probably caused by : NETwNs64.sys ( NETwNs64+e97e )
Followup: MachineOwner
---------
0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: fffff7ffffb9c1b8, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000001, value 0 = read operation, 1 = write operation
Arg4: fffff8800983897e, address which referenced memory
Debugging Details:
------------------
WRITE_ADDRESS: GetPointerFromAddress: unable to read from fffff800030b7100
fffff7ffffb9c1b8
CURRENT_IRQL: 2
FAULTING_IP:
NETwNs64+e97e
fffff880`0983897e e85df9ffff call NETwNs64+0xe2e0 (fffff880`098382e0)
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0xD1
PROCESS_NAME: System
TRAP_FRAME: fffff80000b9c030 -- (.trap 0xfffff80000b9c030)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000000 rbx=0000000000000000 rcx=fffffa8007f21a90
rdx=0000000000000006 rsi=0000000000000000 rdi=0000000000000000
rip=fffff8800983897e rsp=fffff80000b9c1c0 rbp=fffffa800dd7c420
r8=fffffa800dd7c400 r9=0000000000000000 r10=fffff8800a0352c0
r11=0000000000000002 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl nz ac po cy
NETwNs64+0xe97e:
fffff880`0983897e e85df9ffff call NETwNs64+0xe2e0 (fffff880`098382e0)
Resetting default scope
LAST_CONTROL_TRANSFER: from fffff80002e841e9 to fffff80002e84c40
STACK_TEXT:
fffff800`00b9bee8 fffff800`02e841e9 : 00000000`0000000a fffff7ff`ffb9c1b8 00000000`00000002 00000000`00000001 : nt!KeBugCheckEx
fffff800`00b9bef0 fffff800`02e82e60 : 00000000`00000000 fffff880`0985205c 3ac830e3`dad72400 fffffa80`07f21a90 : nt!KiBugCheckDispatch+0x69
fffff800`00b9c030 fffff880`0983897e : fffffa80`07f21a90 fffffa80`0a98be1b 00000000`00000000 fffff880`0982f5d0 : nt!KiPageFault+0x260
fffff800`00b9c1c0 fffffa80`07f21a90 : fffffa80`0a98be1b 00000000`00000000 fffff880`0982f5d0 fffffa80`0d92be00 : NETwNs64+0xe97e
fffff800`00b9c1c8 fffffa80`0a98be1b : 00000000`00000000 fffff880`0982f5d0 fffffa80`0d92be00 fffffa80`0a98b888 : 0xfffffa80`07f21a90
fffff800`00b9c1d0 00000000`00000000 : fffff880`0982f5d0 fffffa80`0d92be00 fffffa80`0a98b888 fffffa80`0a98b888 : 0xfffffa80`0a98be1b
STACK_COMMAND: kb
FOLLOWUP_IP:
NETwNs64+e97e
fffff880`0983897e e85df9ffff call NETwNs64+0xe2e0 (fffff880`098382e0)
SYMBOL_STACK_INDEX: 3
SYMBOL_NAME: NETwNs64+e97e
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: NETwNs64
IMAGE_NAME: NETwNs64.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 4e39e7aa
FAILURE_BUCKET_ID: X64_0xD1_NETwNs64+e97e
BUCKET_ID: X64_0xD1_NETwNs64+e97e
Followup: MachineOwner
---------
-
Loading Dump File [C:\Users\Mike\Downloads\BSODDmpFiles\PoisonedFire\Windows_NT6_BSOD_jcgriff2\123111-23056-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\users\mike\documents\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (8 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506
Machine Name:
Kernel base = 0xfffff800`02e04000 PsLoadedModuleList = 0xfffff800`03049670
Debug session time: Sat Dec 31 09:10:41.603 2011 (UTC - 7:00)
System Uptime: 0 days 0:00:45.508
Loading Kernel Symbols
...............................................................
................................................................
....................................................
Loading User Symbols
Loading unloaded module list
...
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck BE, {fffff8800907bcf0, 800000023f7ce121, fffff80000b9bfb0, a}
Unable to load image \SystemRoot\system32\DRIVERS\NETwNs64.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for NETwNs64.sys
*** ERROR: Module load completed but symbols could not be loaded for NETwNs64.sys
Probably caused by : NETwNs64.sys ( NETwNs64+3c5516 )
Followup: MachineOwner
---------
0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
ATTEMPTED_WRITE_TO_READONLY_MEMORY (be)
An attempt was made to write to readonly memory. The guilty driver is on the
stack trace (and is typically the current instruction pointer).
When possible, the guilty driver's name (Unicode string) is printed on
the bugcheck screen and saved in KiBugCheckDriver.
Arguments:
Arg1: fffff8800907bcf0, Virtual address for the attempted write.
Arg2: 800000023f7ce121, PTE contents.
Arg3: fffff80000b9bfb0, (reserved)
Arg4: 000000000000000a, (reserved)
Debugging Details:
------------------
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0xBE
PROCESS_NAME: System
CURRENT_IRQL: 2
TRAP_FRAME: fffff80000b9bfb0 -- (.trap 0xfffff80000b9bfb0)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000000 rbx=0000000000000000 rcx=fffff8800a07bcf8
rdx=0000020000e07c30 rsi=0000000000000000 rdi=0000000000000000
rip=fffff88009c2d516 rsp=fffff80000b9c148 rbp=fffff8800a07adc0
r8=0000000000000a18 r9=0000000000000007 r10=0000000000000000
r11=fffff8800a07b3d8 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl nz na pe nc
NETwNs64+0x3c5516:
fffff880`09c2d516 ?? ???
Resetting default scope
LAST_CONTROL_TRANSFER: from fffff80002e2af57 to fffff80002e80c40
STACK_TEXT:
fffff800`00b9be48 fffff800`02e2af57 : 00000000`000000be fffff880`0907bcf0 80000002`3f7ce121 fffff800`00b9bfb0 : nt!KeBugCheckEx
fffff800`00b9be50 fffff800`02e7ed6e : 00000000`00000000 00000000`00000000 00000000`00000000 fffffa80`0ae83008 : nt! ?? ::FNODOBFM::`string'+0x442cb
fffff800`00b9bfb0 fffff880`09c2d516 : fffff880`09a3c443 fffffa80`0ae83008 fffff880`0a07adc0 fffffa80`0ae8aac0 : nt!KiPageFault+0x16e
fffff800`00b9c148 fffff880`09a3c443 : fffffa80`0ae83008 fffff880`0a07adc0 fffffa80`0ae8aac0 00000000`00000001 : NETwNs64+0x3c5516
fffff800`00b9c150 fffffa80`0ae83008 : fffff880`0a07adc0 fffffa80`0ae8aac0 00000000`00000001 fffff800`00b9c181 : NETwNs64+0x1d4443
fffff800`00b9c158 fffff880`0a07adc0 : fffffa80`0ae8aac0 00000000`00000001 fffff800`00b9c181 00000000`00000001 : 0xfffffa80`0ae83008
fffff800`00b9c160 fffffa80`0ae8aac0 : 00000000`00000001 fffff800`00b9c181 00000000`00000001 00000000`00000000 : NETwNs64+0x812dc0
fffff800`00b9c168 00000000`00000001 : fffff800`00b9c181 00000000`00000001 00000000`00000000 fffff800`03004cc0 : 0xfffffa80`0ae8aac0
fffff800`00b9c170 fffff800`00b9c181 : 00000000`00000001 00000000`00000000 fffff800`03004cc0 00000000`00000001 : 0x1
fffff800`00b9c178 00000000`00000001 : 00000000`00000000 fffff800`03004cc0 00000000`00000001 fffffa80`0ae83008 : 0xfffff800`00b9c181
fffff800`00b9c180 00000000`00000000 : fffff800`03004cc0 00000000`00000001 fffffa80`0ae83008 00000000`00000002 : 0x1
STACK_COMMAND: kb
FOLLOWUP_IP:
NETwNs64+3c5516
fffff880`09c2d516 ?? ???
SYMBOL_STACK_INDEX: 3
SYMBOL_NAME: NETwNs64+3c5516
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: NETwNs64
IMAGE_NAME: NETwNs64.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 4e39e7aa
FAILURE_BUCKET_ID: X64_0xBE_NETwNs64+3c5516
BUCKET_ID: X64_0xBE_NETwNs64+3c5516
Followup: MachineOwner
---------
-
Loading Dump File [C:\Users\Mike\Downloads\BSODDmpFiles\PoisonedFire\Windows_NT6_BSOD_jcgriff2\123111-31902-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\users\mike\documents\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (8 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506
Machine Name:
Kernel base = 0xfffff800`02e55000 PsLoadedModuleList = 0xfffff800`0309a670
Debug session time: Sat Dec 31 09:40:18.744 2011 (UTC - 7:00)
System Uptime: 0 days 0:00:24.649
Loading Kernel Symbols
...............................................................
................................................................
......
Loading User Symbols
Loading unloaded module list
...
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck A, {fffff8800cc4b278, 2, 0, fffff80002ec86ba}
Probably caused by : ntkrnlmp.exe ( nt!KiPageFault+260 )
Followup: MachineOwner
---------
0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: fffff8800cc4b278, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000000, bitfield :
bit 0 : value 0 = read operation, 1 = write operation
bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: fffff80002ec86ba, address which referenced memory
Debugging Details:
------------------
READ_ADDRESS: GetPointerFromAddress: unable to read from fffff80003104100
fffff8800cc4b278
CURRENT_IRQL: 2
FAULTING_IP:
nt!memcpy+ca
fffff800`02ec86ba 4c8b540af8 mov r10,qword ptr [rdx+rcx-8]
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0xA
PROCESS_NAME: System
TRAP_FRAME: fffff80004cb91c0 -- (.trap 0xfffff80004cb91c0)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000000 rbx=0000000000000000 rcx=fffff88004b1c890
rdx=000000000912e9f0 rsi=0000000000000000 rdi=0000000000000000
rip=fffff80002ec86ba rsp=fffff80004cb9358 rbp=fffff88004b1c670
r8=0000000000000320 r9=0000000000000009 r10=0000000000000000
r11=fffff88004b1c670 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei ng nz na po nc
nt!memcpy+0xca:
fffff800`02ec86ba 4c8b540af8 mov r10,qword ptr [rdx+rcx-8] ds:7998:fffff880`0dc4b278=????????????????
Resetting default scope
LAST_CONTROL_TRANSFER: from fffff80002ed11e9 to fffff80002ed1c40
STACK_TEXT:
fffff800`04cb9078 fffff800`02ed11e9 : 00000000`0000000a fffff880`0cc4b278 00000000`00000002 00000000`00000000 : nt!KeBugCheckEx
fffff800`04cb9080 fffff800`02ecfe60 : fffffa80`00000000 fffff880`06e6a7bd ffff0080`03ee4551 fffff880`0dc4b018 : nt!KiBugCheckDispatch+0x69
fffff800`04cb91c0 fffff800`02ec86ba : fffff800`0337f419 fffff880`0764dd80 fffffa80`0aa25560 fffffa80`0af9b860 : nt!KiPageFault+0x260
fffff800`04cb9358 fffff800`0337f419 : fffff880`0764dd80 fffffa80`0aa25560 fffffa80`0af9b860 00000000`00000050 : nt!memcpy+0xca
fffff800`04cb9360 fffff800`03382178 : 00000000`00000000 00000000`00000000 fffffa80`07032800 fffffa80`07032804 : nt!GxpWriteFrameBufferPixels+0xb9
fffff800`04cb93b0 fffff800`03383757 : 00000000`00000000 00000000`0001fb7e 00000000`00000000 fffff880`04fc78e9 : nt!BgpGxDrawRectangle+0x48
fffff800`04cb93e0 fffff800`02edd5fc : fffff800`04cb94d8 00000000`00000000 00000000`00000002 fffff800`04cb9500 : nt!AnFwpProgressIndicatorTimer+0x107
fffff800`04cb9430 fffff800`02edd496 : fffffa80`07eff0e0 00000000`0000062c 00000000`00000000 fffff800`04cb94c0 : nt!KiProcessTimerDpcTable+0x6c
fffff800`04cb94a0 fffff800`02edd37e : 00000000`0eb13ca0 fffff800`04cb9b18 00000000`0000062c fffff800`0304a808 : nt!KiProcessExpiredTimerList+0xc6
fffff800`04cb9af0 fffff800`02edd167 : 00000000`02ee88c3 00000000`0000062c 00000000`02ee882a 00000000`0000002c : nt!KiTimerExpiration+0x1be
fffff800`04cb9b90 fffff800`02ec996a : fffff800`03047e80 fffff800`03055cc0 00000000`00000001 fffff880`00000000 : nt!KiRetireDpcList+0x277
fffff800`04cb9c40 00000000`00000000 : fffff800`04cba000 fffff800`04cb4000 fffff800`04cb9c00 00000000`00000000 : nt!KiIdleLoop+0x5a
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!KiPageFault+260
fffff800`02ecfe60 440f20c0 mov rax,cr8
SYMBOL_STACK_INDEX: 2
SYMBOL_NAME: nt!KiPageFault+260
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 4e02aaa3
FAILURE_BUCKET_ID: X64_0xA_nt!KiPageFault+260
BUCKET_ID: X64_0xA_nt!KiPageFault+260
Followup: MachineOwner
---------
-
Loading Dump File [C:\Users\Mike\Downloads\BSODDmpFiles\PoisonedFire\Windows_NT6_BSOD_jcgriff2\123111-20264-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\users\mike\documents\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (8 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506
Machine Name:
Kernel base = 0xfffff800`02e03000 PsLoadedModuleList = 0xfffff800`03048670
Debug session time: Sat Dec 31 15:13:21.246 2011 (UTC - 7:00)
System Uptime: 0 days 0:11:20.152
Loading Kernel Symbols
...............................................................
................................................................
...................................................
Loading User Symbols
Loading unloaded module list
........
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck A, {fffff7ffffb9c218, 2, 1, fffff80002e61117}
Probably caused by : afd.sys ( afd!AfdCompletePollIrp+d2 )
Followup: MachineOwner
---------
0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: fffff7ffffb9c218, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000001, bitfield :
bit 0 : value 0 = read operation, 1 = write operation
bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: fffff80002e61117, address which referenced memory
Debugging Details:
------------------
WRITE_ADDRESS: GetPointerFromAddress: unable to read from fffff800030b2100
fffff7ffffb9c218
CURRENT_IRQL: 2
FAULTING_IP:
nt!KiExitDispatcher+7
fffff800`02e61117 4155 push r13
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0xA
PROCESS_NAME: System
TRAP_FRAME: fffff80000b9c090 -- (.trap 0xfffff80000b9c090)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000000 rbx=0000000000000000 rcx=fffff80002ff5e80
rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000
rip=fffff80002e61117 rsp=fffff80000b9c220 rbp=0000000000000002
r8=0000000000000001 r9=0000000000000002 r10=0000000000000000
r11=fffff80000b9c302 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl zr na po nc
nt!KiExitDispatcher+0x7:
fffff800`02e61117 4155 push r13
Resetting default scope
LAST_CONTROL_TRANSFER: from fffff80002e7f1e9 to fffff80002e7fc40
STACK_TEXT:
fffff800`00b9bf48 fffff800`02e7f1e9 : 00000000`0000000a fffff7ff`ffb9c218 00000000`00000002 00000000`00000001 : nt!KeBugCheckEx
fffff800`00b9bf50 fffff800`02e7de60 : 00000000`0000000e fffffa80`0c62d640 fffffa80`0a9af700 fffffa80`07131780 : nt!KiBugCheckDispatch+0x69
fffff800`00b9c090 fffff800`02e61117 : fffff800`02ff5e80 fffffa80`07907001 00000000`00000000 00000000`00000002 : nt!KiPageFault+0x260
fffff800`00b9c220 fffff800`02e61406 : fffffa80`07131780 00000000`00000002 00000000`00000000 fffffa80`07907088 : nt!KiExitDispatcher+0x7
fffff800`00b9c250 fffff800`02e83843 : fffffa80`074c2c90 00000000`a000000c 00000000`00000000 00000000`00000002 : nt!KeInsertQueueApc+0xa2
fffff800`00b9c2b0 fffff880`013a2282 : ffffffff`ffffffff fffffa80`07bdb602 fffffa80`07907010 00000000`00000000 : nt!IopfCompleteRequest+0xb63
fffff800`00b9c3a0 fffff880`013a22ee : 00000000`00000000 fffff800`00b9c4c0 fffff800`00b9c400 00000000`00000002 : afd!AfdCompletePollIrp+0xd2
fffff800`00b9c400 fffff800`02e8b5fc : 00000000`00000000 00000000`00000000 fffff800`404f1288 fffff880`016cb929 : afd!AfdTimeoutPoll+0x2e
fffff800`00b9c430 fffff800`02e8b496 : fffffa80`07bdb620 00000000`0000aa4f 00000000`00000000 fffffa80`0acf89b0 : nt!KiProcessTimerDpcTable+0x6c
fffff800`00b9c4a0 fffff800`02e8b37e : 00000001`9566fb3e fffff800`00b9cb18 00000000`0000aa4f fffff800`02ff8c68 : nt!KiProcessExpiredTimerList+0xc6
fffff800`00b9caf0 fffff800`02e8b167 : 00000000`4f1151c1 00000000`0000aa4f 00000000`4f11511c 00000000`0000004f : nt!KiTimerExpiration+0x1be
fffff800`00b9cb90 fffff800`02e7796a : fffff800`02ff5e80 fffff800`03003cc0 00000000`00000001 fffff880`00000000 : nt!KiRetireDpcList+0x277
fffff800`00b9cc40 00000000`00000000 : fffff800`00b9d000 fffff800`00b97000 fffff800`00b9cc00 00000000`00000000 : nt!KiIdleLoop+0x5a
STACK_COMMAND: kb
FOLLOWUP_IP:
afd!AfdCompletePollIrp+d2
fffff880`013a2282 488b6c2460 mov rbp,qword ptr [rsp+60h]
SYMBOL_STACK_INDEX: 6
SYMBOL_NAME: afd!AfdCompletePollIrp+d2
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: afd
IMAGE_NAME: afd.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 4db4dd96
FAILURE_BUCKET_ID: X64_0xA_afd!AfdCompletePollIrp+d2
BUCKET_ID: X64_0xA_afd!AfdCompletePollIrp+d2
Followup: MachineOwner
---------
Most of these were system related, but one non-system related driver showed up twice. Update your Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 (see