Code:
-
Loading Dump File [C:\Users\Mike\Downloads\BSODDmpFiles\Andreas W\Windows_NT6_BSOD_jcgriff2\123011-25662-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\users\mike\documents\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (8 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506
Machine Name:
Kernel base = 0xfffff800`02c11000 PsLoadedModuleList = 0xfffff800`02e56670
Debug session time: Fri Dec 30 11:40:21.047 2011 (UTC - 7:00)
System Uptime: 0 days 0:00:39.920
Loading Kernel Symbols
...............................................................
................................................................
.................
Loading User Symbols
Loading unloaded module list
......
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck A, {80f0, 2, 0, fffff80002c91544}
Probably caused by : memory_corruption
Followup: memory_corruption
---------
6: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: 00000000000080f0, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000000, bitfield :
bit 0 : value 0 = read operation, 1 = write operation
bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: fffff80002c91544, address which referenced memory
Debugging Details:
------------------
READ_ADDRESS: GetPointerFromAddress: unable to read from fffff80002ec0100
00000000000080f0
CURRENT_IRQL: 2
FAULTING_IP:
nt!IopfCompleteRequest+864
fffff800`02c91544 488b8c00f0000000 mov rcx,qword ptr [rax+rax+0F0h]
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: CODE_CORRUPTION
BUGCHECK_STR: 0xA
PROCESS_NAME: Skype.exe
TRAP_FRAME: fffff88009295280 -- (.trap 0xfffff88009295280)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000004000 rbx=0000000000000000 rcx=fffffa80086f02e0
rdx=0000000000000001 rsi=0000000000000000 rdi=0000000000000000
rip=fffff80002c91544 rsp=fffff88009295410 rbp=0000000000000002
r8=000000000000000b r9=0000000000000727 r10=0000000000000000
r11=fffff880092954f8 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl zr na po nc
nt!IopfCompleteRequest+0x864:
fffff800`02c91544 488b8c00f0000000 mov rcx,qword ptr [rax+rax+0F0h] ds:5430:00000000`000080f0=????????????????
Resetting default scope
LAST_CONTROL_TRANSFER: from fffff80002c8d1e9 to fffff80002c8dc40
STACK_TEXT:
fffff880`09295138 fffff800`02c8d1e9 : 00000000`0000000a 00000000`000080f0 00000000`00000002 00000000`00000000 : nt!KeBugCheckEx
fffff880`09295140 fffff800`02c8be60 : 00000000`00000000 fffff800`02c9574f fffff880`092956d0 00000000`00000042 : nt!KiBugCheckDispatch+0x69
fffff880`09295280 fffff800`02c91544 : 00000000`00fc3400 fffff800`02d928ee fffffa80`20707249 fffffa80`07fda630 : nt!KiPageFault+0x260
fffff880`09295410 fffff880`012103ea : fffff880`092956d0 00000000`00000001 fffff880`09295830 00000000`00000000 : nt!IopfCompleteRequest+0x864
fffff880`09295500 fffff880`01210a68 : fffff880`092956d0 fffffa80`088dac10 fffff880`09295801 fffffa80`08747001 : Ntfs!NtfsCommonRead+0x1bbe
fffff880`092956a0 fffff880`00dabbcf : fffffa80`088dafb0 fffffa80`088dac10 fffffa80`08747010 00000000`00000000 : Ntfs!NtfsFsdRead+0x1b8
fffff880`092958b0 fffff880`00daa6df : fffffa80`05f2ea30 fffffa80`07fda601 fffffa80`05f2ea00 fffffa80`088dac10 : fltmgr!FltpLegacyProcessingAfterPreCallbacksCompleted+0x24f
fffff880`09295940 fffff800`02cb5bc5 : fffffa80`088dac30 fffffa80`0870fa90 fffffa80`086f0350 00000000`0237e000 : fltmgr!FltpDispatch+0xcf
fffff880`092959a0 fffff800`02cb5699 : 15f00001`0cf5e201 15f00001`0cf5e201 fffffa80`086f0290 00000000`00000018 : nt!IoPageRead+0x255
fffff880`09295a30 fffff800`02c9c02a : 00000000`00000000 00000000`00000000 ffffffff`ffffffff 00000000`00000000 : nt!MiIssueHardFault+0x255
fffff880`09295ac0 fffff800`02c8bd6e : 00000000`00000000 00000000`0237e000 fffffa80`00000001 00000000`0018ff60 : nt!MmAccessFault+0x146a
fffff880`09295c20 00000000`005a3603 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiPageFault+0x16e
00000000`00189f78 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x5a3603
STACK_COMMAND: kb
CHKIMG_EXTENSION: !chkimg -lo 50 -db !nt
14 errors : !nt (fffff80002c91547-fffff80002c915ff)
fffff80002c91540 91 5a fe ff 48 8b 8c *00 f0 00 00 00 44 8b 8c *00 .Z..H.......D...
fffff80002c91550 f8 00 00 00 45 32 ff *00 89 8c 24 00 01 00 00 *00 ....E2....$.....
fffff80002c91560 89 8c 24 f0 00 00 00 *00 ff 85 00 4b 00 00 f0 *00 ..$........K....
fffff80002c91570 0f ba ae 80 04 00 00 00 0f 82 82 5a fe ff 0f *00 ...........Z....
...
fffff80002c915c0 fe ff 48 8b 84 24 f0 00 00 00 45 32 c0 f0 48 *00 ..H..$....E2..H.
fffff80002c915d0 21 00 45 84 c0 0f 85 *06 5a fe ff 41 0f b6 c4 *00 !.E.....Z..A....
fffff80002c915e0 0f 22 c0 e9 9d fa ff *d5 44 39 66 04 0f 84 31 *d8 ."......D9f...1.
fffff80002c915f0 ff ff 45 8b f4 e9 a1 *62 ff ff 4c 8b 7e 08 4c *82 ..E....b..L.~.L.
MODULE_NAME: memory_corruption
IMAGE_NAME: memory_corruption
FOLLOWUP_NAME: memory_corruption
DEBUG_FLR_IMAGE_TIMESTAMP: 0
MEMORY_CORRUPTOR: STRIDE
FAILURE_BUCKET_ID: X64_MEMORY_CORRUPTION_STRIDE
BUCKET_ID: X64_MEMORY_CORRUPTION_STRIDE
Followup: memory_corruption
---------
-
Loading Dump File [C:\Users\Mike\Downloads\BSODDmpFiles\Andreas W\Windows_NT6_BSOD_jcgriff2\123011-18782-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\users\mike\documents\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (8 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506
Machine Name:
Kernel base = 0xfffff800`02c5b000 PsLoadedModuleList = 0xfffff800`02ea0670
Debug session time: Fri Dec 30 11:51:47.000 2011 (UTC - 7:00)
System Uptime: 0 days 0:00:20.999
Loading Kernel Symbols
...............................................................
...............................................................
Loading User Symbols
Loading unloaded module list
......
Unable to load image \SystemRoot\system32\DRIVERS\rtl8192Ce.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for rtl8192Ce.sys
*** ERROR: Module load completed but symbols could not be loaded for rtl8192Ce.sys
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 1000007E, {ffffffffc0000005, fffff880046be788, fffff8800353f868, fffff8800353f0c0}
Probably caused by : rtl8192Ce.sys ( rtl8192Ce+a8788 )
Followup: MachineOwner
---------
4: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M (1000007e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003. This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG. This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG. This will let us see why this breakpoint is
happening.
Arguments:
Arg1: ffffffffc0000005, The exception code that was not handled
Arg2: fffff880046be788, The address that the exception occurred at
Arg3: fffff8800353f868, Exception Record Address
Arg4: fffff8800353f0c0, Context Record Address
Debugging Details:
------------------
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
FAULTING_IP:
rtl8192Ce+a8788
fffff880`046be788 480fbae10e bt rcx,0Eh
EXCEPTION_RECORD: fffff8800353f868 -- (.exr 0xfffff8800353f868)
ExceptionAddress: fffff880046be788 (rtl8192Ce+0x00000000000a8788)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 0000000000000001
Parameter[1]: 000000000000000e
Attempt to write to address 000000000000000e
CONTEXT: fffff8800353f0c0 -- (.cxr 0xfffff8800353f0c0)
rax=0000000000000000 rbx=fffffa8006ff6000 rcx=0000000000000000
rdx=0000000000000000 rsi=0000000000000000 rdi=fffffa80071be000
rip=fffff880046be788 rsp=fffff8800353faa0 rbp=0000000000000000
r8=0000000000000000 r9=fffff8800353fb00 r10=fffffa80071be000
r11=fffff8800353fad0 r12=000000000060a42b r13=0000000000000000
r14=0000000000000000 r15=000000000060a42b
iopl=0 nv up ei pl zr na po nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010246
rtl8192Ce+0xa8788:
fffff880`046be788 480fbae10e bt rcx,0Eh
Resetting default scope
CUSTOMER_CRASH_COUNT: 1
PROCESS_NAME: System
CURRENT_IRQL: 0
ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
EXCEPTION_PARAMETER1: 0000000000000001
EXCEPTION_PARAMETER2: 000000000000000e
WRITE_ADDRESS: GetPointerFromAddress: unable to read from fffff80002f0a100
000000000000000e
FOLLOWUP_IP:
rtl8192Ce+a8788
fffff880`046be788 480fbae10e bt rcx,0Eh
BUGCHECK_STR: 0x7E
DEFAULT_BUCKET_ID: NULL_CLASS_PTR_DEREFERENCE
LAST_CONTROL_TRANSFER: from fffffa8006ff6000 to fffff880046be788
STACK_TEXT:
fffff880`0353faa0 fffffa80`06ff6000 : 00000000`00000000 fffffa80`06d8d010 fffffa80`071be000 00000000`00000000 : rtl8192Ce+0xa8788
fffff880`0353faa8 00000000`00000000 : fffffa80`06d8d010 fffffa80`071be000 00000000`00000000 00000000`00000000 : 0xfffffa80`06ff6000
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: rtl8192Ce+a8788
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: rtl8192Ce
IMAGE_NAME: rtl8192Ce.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 4d91b0db
STACK_COMMAND: .cxr 0xfffff8800353f0c0 ; kb
FAILURE_BUCKET_ID: X64_0x7E_rtl8192Ce+a8788
BUCKET_ID: X64_0x7E_rtl8192Ce+a8788
Followup: MachineOwner
---------
-
Loading Dump File [C:\Users\Mike\Downloads\BSODDmpFiles\Andreas W\Windows_NT6_BSOD_jcgriff2\123011-20904-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\users\mike\documents\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (8 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506
Machine Name:
Kernel base = 0xfffff800`02c4b000 PsLoadedModuleList = 0xfffff800`02e90670
Debug session time: Fri Dec 30 12:22:49.214 2011 (UTC - 7:00)
System Uptime: 0 days 0:00:46.197
Loading Kernel Symbols
...............................................................
................................................................
...................
Loading User Symbols
Loading unloaded module list
......
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck D1, {0, 2, 1, fffff8800090960d}
Probably caused by : afd.sys ( afd!AfdPoll32+562 )
Followup: MachineOwner
---------
0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: 0000000000000000, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000001, value 0 = read operation, 1 = write operation
Arg4: fffff8800090960d, address which referenced memory
Debugging Details:
------------------
WRITE_ADDRESS: GetPointerFromAddress: unable to read from fffff80002efa100
0000000000000000
CURRENT_IRQL: 2
FAULTING_IP:
+3861343666623665
fffff880`0090960d ?? ???
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0xD1
PROCESS_NAME: Steam.exe
TRAP_FRAME: fffff88008a73730 -- (.trap 0xfffff88008a73730)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000000 rbx=0000000000000000 rcx=fffffa800858aa50
rdx=000000000000019f rsi=0000000000000000 rdi=0000000000000000
rip=fffff8800090960d rsp=fffff88008a738c8 rbp=fffffa8008ed3660
r8=000000000000afd1 r9=0000000000000000 r10=0000000000000004
r11=000000000000afd0 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl zr na po nc
fffff880`0090960d ?? ???
Resetting default scope
LAST_CONTROL_TRANSFER: from fffff80002cc71e9 to fffff80002cc7c40
STACK_TEXT:
fffff880`08a735e8 fffff800`02cc71e9 : 00000000`0000000a 00000000`00000000 00000000`00000002 00000000`00000001 : nt!KeBugCheckEx
fffff880`08a735f0 fffff800`02cc5e60 : 00000000`00000000 fffff800`02cca6ef 00000000`00000018 fffff880`08a739f0 : nt!KiBugCheckDispatch+0x69
fffff880`08a73730 fffff880`0090960d : fffff880`014624e2 00000000`00000000 00000000`00000000 fffffa80`07d6b620 : nt!KiPageFault+0x260
fffff880`08a738c8 fffff880`014624e2 : 00000000`00000000 00000000`00000000 fffffa80`07d6b620 00000000`000001a4 : 0xfffff880`0090960d
fffff880`08a738d0 fffff880`01454fe5 : fffffa80`0627a900 fffffa80`08ed3700 00000000`00000000 00000000`00000000 : afd!AfdPoll32+0x562
fffff880`08a739e0 fffff800`02fe2a97 : fffffa80`07c6b610 fffff880`08a73ca0 fffffa80`07d6b810 fffffa80`07d6b620 : afd! ?? ::GFJBLGFE::`string'+0x1f35
fffff880`08a73a10 fffff800`02fe32f6 : fffff880`08a73bf8 00000000`000005b4 00000000`00000001 00000000`00000000 : nt!IopXxxControlFile+0x607
fffff880`08a73b40 fffff800`02cc6ed3 : fffff880`08a73ca0 fffffa80`08cf0060 fffff880`08a73bf8 fffff880`08a73c00 : nt!NtDeviceIoControlFile+0x56
fffff880`08a73bb0 00000000`72fe2e09 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`03b9f0f8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x72fe2e09
STACK_COMMAND: kb
FOLLOWUP_IP:
afd!AfdPoll32+562
fffff880`014624e2 8bf8 mov edi,eax
SYMBOL_STACK_INDEX: 4
SYMBOL_NAME: afd!AfdPoll32+562
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: afd
IMAGE_NAME: afd.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 4db4dd96
FAILURE_BUCKET_ID: X64_0xD1_afd!AfdPoll32+562
BUCKET_ID: X64_0xD1_afd!AfdPoll32+562
Followup: MachineOwner
---------
-
Loading Dump File [C:\Users\Mike\Downloads\BSODDmpFiles\Andreas W\Windows_NT6_BSOD_jcgriff2\010112-17456-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\users\mike\documents\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (8 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506
Machine Name:
Kernel base = 0xfffff800`02c5f000 PsLoadedModuleList = 0xfffff800`02ea4670
Debug session time: Sat Dec 31 21:30:20.766 2011 (UTC - 7:00)
System Uptime: 0 days 1:09:32.735
Loading Kernel Symbols
...............................................................
................................................................
....................
Loading User Symbols
Loading unloaded module list
...........
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 1A, {41287, 7feef3870e, 0, 0}
Probably caused by : ntkrnlmp.exe ( nt! ?? ::FNODOBFM::`string'+46485 )
Followup: MachineOwner
---------
0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
MEMORY_MANAGEMENT (1a)
# Any other values for parameter 1 must be individually examined.
Arguments:
Arg1: 0000000000041287, The subtype of the bugcheck.
Arg2: 0000007feef3870e
Arg3: 0000000000000000
Arg4: 0000000000000000
Debugging Details:
------------------
BUGCHECK_STR: 0x1a_41287
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
PROCESS_NAME: Might & Magic
CURRENT_IRQL: 0
TRAP_FRAME: fffff8800b167580 -- (.trap 0xfffff8800b167580)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=00000000000000fd rbx=0000000000000000 rcx=0000000000000001
rdx=0000000000000001 rsi=0000000000000000 rdi=0000000000000000
rip=fffff80002cfc5fd rsp=fffff8800b167710 rbp=fffffa800524a4c0
r8=0000000000000001 r9=fffff80002c5f000 r10=fffff8800b1677b8
r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl nz ac pe nc
nt!RtlClearBits+0x3d:
fffff800`02cfc5fd 2006 and byte ptr [rsi],al ds:5000:00000000`00000000=??
Resetting default scope
LAST_CONTROL_TRANSFER: from fffff80002c6ed7e to fffff80002cdbc40
STACK_TEXT:
fffff880`0b167128 fffff800`02c6ed7e : 00000000`0000001a 00000000`00041287 0000007f`eef3870e 00000000`00000000 : nt!KeBugCheckEx
fffff880`0b167130 fffff800`02cd9d6e : 00000000`00000000 0000007f`eef3870e 00000000`00000200 2ae00001`431e3921 : nt! ?? ::FNODOBFM::`string'+0x46485
fffff880`0b167290 fffff800`02cea4c0 : fffffa80`0524a4c0 fffff880`012fbb74 fffffa80`05f02b00 fffff880`0b167630 : nt!KiPageFault+0x16e
fffff880`0b167420 fffff800`02cd9d6e : 00000000`00000001 fffff980`065e4732 fffffa80`05f09800 00000000`00000001 : nt!MmAccessFault+0x1900
fffff880`0b167580 fffff800`02cfc5fd : ffff0000`0a3fb4d2 00000000`00000000 00000000`00000008 00000000`00000000 : nt!KiPageFault+0x16e
fffff880`0b167710 fffff880`012d1bf6 : 00000000`00000001 00000000`00000000 00000000`00000000 00000000`00000000 : nt!RtlClearBits+0x3d
fffff880`0b167740 fffff880`012d2730 : fffffa80`0524a4c0 00000000`00000000 fffffa80`0524a4c0 fffff880`0b167858 : Ntfs!NtfsFreeBitmapRun+0x1c6
fffff880`0b167810 fffff880`012d2d56 : fffffa80`0524a4c0 fffffa80`06166180 fffff8a0`0c515860 00000000`00000003 : Ntfs!NtfsDeallocateClusters+0x310
fffff880`0b167900 fffff880`012d2340 : fffffa80`0524a4c0 fffff8a0`0c515860 00000000`00000000 fffffa80`0524a400 : Ntfs!NtfsDeleteAllocationInternal+0x86
fffff880`0b167a70 fffff880`012caa46 : fffffa80`0524a4c0 fffffa80`08936280 fffffa80`0524a400 00000000`00000000 : Ntfs!NtfsDeleteAllocation+0x290
fffff880`0b167b50 fffff880`012c9ad1 : fffffa80`0524a4c0 fffffa80`050a6968 fffff8a0`0c515730 00000000`00000020 : Ntfs!NtfsReplaceAttribute+0x16e
fffff880`0b167c40 fffff880`012d6f75 : fffffa80`0524a4c0 fffffa80`050a6610 fffff8a0`0c515ac8 fffff8a0`0c515700 : Ntfs!NtfsOverwriteAttr+0x585
fffff880`0b167da0 fffff880`012da09f : fffffa80`0524a4c0 fffffa80`050a6610 fffff8a0`0c515ac8 fffff880`00000070 : Ntfs!NtfsOpenAttributeInExistingFile+0x6e5
fffff880`0b167f30 fffff880`012ea166 : fffffa80`0524a4c0 fffffa80`050a6610 fffff8a0`0c515ac8 00000000`00000705 : Ntfs!NtfsOpenExistingPrefixFcb+0x1ef
fffff880`0b168020 fffff880`012e7911 : fffffa80`0524a4c0 fffffa80`050a6610 fffff880`0b1681f0 fffff880`0b168240 : Ntfs!NtfsFindStartingNode+0x5e6
fffff880`0b1680f0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : Ntfs!NtfsCommonCreate+0x3e1
STACK_COMMAND: kb
FOLLOWUP_IP:
nt! ?? ::FNODOBFM::`string'+46485
fffff800`02c6ed7e cc int 3
SYMBOL_STACK_INDEX: 1
SYMBOL_NAME: nt! ?? ::FNODOBFM::`string'+46485
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 4e02aaa3
FAILURE_BUCKET_ID: X64_0x1a_41287_nt!_??_::FNODOBFM::_string_+46485
BUCKET_ID: X64_0x1a_41287_nt!_??_::FNODOBFM::_string_+46485
Followup: MachineOwner
---------
-
Loading Dump File [C:\Users\Mike\Downloads\BSODDmpFiles\Andreas W\Windows_NT6_BSOD_jcgriff2\010312-20529-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\users\mike\documents\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (8 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506
Machine Name:
Kernel base = 0xfffff800`02c14000 PsLoadedModuleList = 0xfffff800`02e59670
Debug session time: Mon Jan 2 16:36:15.156 2012 (UTC - 7:00)
System Uptime: 0 days 0:03:46.093
Loading Kernel Symbols
...............................................................
................................................................
.....................
Loading User Symbols
Loading unloaded module list
.......
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck C7, {4, fffff80002d42760, d720, 0}
Probably caused by : ntkrnlmp.exe ( nt!PpmCheckRun+0 )
Followup: MachineOwner
---------
5: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
TIMER_OR_DPC_INVALID (c7)
Kernel timer or DPC used incorrectly.
Arguments:
Arg1: 0000000000000004, Thread APC disable count was changed during DPC routine execution.
Arg2: fffff80002d42760, Address of the DPC routine.
Arg3: 000000000000d720, Thread APC disable count before calling DPC routine.
Arg4: 0000000000000000, Thread APC disable count after calling DPC routine.
The APC disable count is decremented each time a driver calls
KeEnterCriticalRegion, FsRtlEnterFileSystem, or acquires a mutex. The APC
disable count is incremented each time a driver calls KeLeaveCriticalRegion,
FsRtlExitFileSystem, or KeReleaseMutex.
Debugging Details:
------------------
INVALID_DPC_FOUND: fffff80002d42760
FAULTING_IP:
nt!PpmCheckRun+0
fffff800`02d42760 4883ec28 sub rsp,28h
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0xC7
PROCESS_NAME: System
CURRENT_IRQL: 2
LAST_CONTROL_TRANSFER: from fffff80002d12e2e to fffff80002c90c40
STACK_TEXT:
fffff880`032afcc8 fffff800`02d12e2e : 00000000`000000c7 00000000`00000004 fffff800`02d42760 00000000`0000d720 : nt!KeBugCheckEx
fffff880`032afcd0 fffff800`02c8896a : fffff880`03287180 fffff880`032920c0 00000000`00000000 fffff800`02d42760 : nt! ?? ::FNODOBFM::`string'+0x58f56
fffff880`032afd80 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiIdleLoop+0x5a
STACK_COMMAND: .bugcheck ; kb
FOLLOWUP_IP:
nt!PpmCheckRun+0
fffff800`02d42760 4883ec28 sub rsp,28h
SYMBOL_NAME: nt!PpmCheckRun+0
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 4e02aaa3
FAILURE_BUCKET_ID: X64_0xC7_nt!PpmCheckRun+0
BUCKET_ID: X64_0xC7_nt!PpmCheckRun+0
Followup: MachineOwner
---------
-
Loading Dump File [C:\Users\Mike\Downloads\BSODDmpFiles\Andreas W\Windows_NT6_BSOD_jcgriff2\010512-22323-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\users\mike\documents\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506
Machine Name:
Kernel base = 0xfffff800`02e49000 PsLoadedModuleList = 0xfffff800`0308e670
Debug session time: Wed Jan 4 16:05:25.595 2012 (UTC - 7:00)
System Uptime: 0 days 22:45:52.594
Loading Kernel Symbols
...............................................................
................................................................
......................
Loading User Symbols
Loading unloaded module list
................
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 50, {fffff900c363c828, 0, fffff960001a3fef, 0}
Could not read faulting driver name
Probably caused by : win32k.sys ( win32k!TimersProc+73 )
Followup: MachineOwner
---------
2: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
PAGE_FAULT_IN_NONPAGED_AREA (50)
Invalid system memory was referenced. This cannot be protected by try-except,
it must be protected by a Probe. Typically the address is just plain bad or it
is pointing at freed memory.
Arguments:
Arg1: fffff900c363c828, memory referenced.
Arg2: 0000000000000000, value 0 = read operation, 1 = write operation.
Arg3: fffff960001a3fef, If non-zero, the instruction address which referenced the bad memory
address.
Arg4: 0000000000000000, (reserved)
Debugging Details:
------------------
Could not read faulting driver name
READ_ADDRESS: GetPointerFromAddress: unable to read from fffff800030f8100
fffff900c363c828
FAULTING_IP:
win32k!TimersProc+73
fffff960`001a3fef 8b5348 mov edx,dword ptr [rbx+48h]
MM_INTERNAL_CODE: 0
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0x50
PROCESS_NAME: csrss.exe
CURRENT_IRQL: 0
TRAP_FRAME: fffff88005c70910 -- (.trap 0xfffff88005c70910)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=00000000000000a1 rbx=0000000000000000 rcx=00000000000000a1
rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000
rip=fffff960001a3fef rsp=fffff88005c70aa0 rbp=0000000000000000
r8=fffffa8007d0bbb8 r9=0000000000000000 r10=fffffffffffffffb
r11=00000000002f5b00 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei ng nz na po cy
win32k!TimersProc+0x73:
fffff960`001a3fef 8b5348 mov edx,dword ptr [rbx+48h] ds:00000000`00000048=????????
Resetting default scope
LAST_CONTROL_TRANSFER: from fffff80002e719fc to fffff80002ec5c40
STACK_TEXT:
fffff880`05c707a8 fffff800`02e719fc : 00000000`00000050 fffff900`c363c828 00000000`00000000 fffff880`05c70910 : nt!KeBugCheckEx
fffff880`05c707b0 fffff800`02ec3d6e : 00000000`00000000 fffff900`c363c828 00000000`00000000 fffff900`c363c7e0 : nt! ?? ::FNODOBFM::`string'+0x4611f
fffff880`05c70910 fffff960`001a3fef : 00000000`00000000 00000000`00000001 00000000`00000004 fffff800`02ecf7f3 : nt!KiPageFault+0x16e
fffff880`05c70aa0 fffff960`001a4ae7 : 00000000`00000000 fffff960`003c4cb0 00000000`00000004 00000000`00000001 : win32k!TimersProc+0x73
fffff880`05c70af0 fffff960`0013511c : fffffa80`0000007b 00000000`0000000f fffff880`00000001 ffffffff`800002d0 : win32k!RawInputThread+0x9ab
fffff880`05c70bc0 fffff960`001b539a : fffffa80`00000002 fffff880`05c5cf40 00000000`00000020 00000000`00000000 : win32k!xxxCreateSystemThreads+0x58
fffff880`05c70bf0 fffff800`02ec4ed3 : fffffa80`07c10b60 00000000`00000004 000007ff`fffd3000 00000000`00000000 : win32k!NtUserCallNoParam+0x36
fffff880`05c70c20 000007fe`fdb31eea : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`004cfa38 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x7fe`fdb31eea
STACK_COMMAND: kb
FOLLOWUP_IP:
win32k!TimersProc+73
fffff960`001a3fef 8b5348 mov edx,dword ptr [rbx+48h]
SYMBOL_STACK_INDEX: 3
SYMBOL_NAME: win32k!TimersProc+73
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: win32k
IMAGE_NAME: win32k.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 4ecdcd5a
FAILURE_BUCKET_ID: X64_0x50_win32k!TimersProc+73
BUCKET_ID: X64_0x50_win32k!TimersProc+73
Followup: MachineOwner
---------
-
Loading Dump File [C:\Users\Mike\Downloads\BSODDmpFiles\Andreas W\Windows_NT6_BSOD_jcgriff2\010512-37970-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\users\mike\documents\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506
Machine Name:
Kernel base = 0xfffff800`02e5d000 PsLoadedModuleList = 0xfffff800`030a2670
Debug session time: Thu Jan 5 02:40:13.480 2012 (UTC - 7:00)
System Uptime: 0 days 10:32:06.870
Loading Kernel Symbols
...............................................................
................................................................
....................
Loading User Symbols
Loading unloaded module list
................
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck D1, {fffff800bbee3790, 2, 8, fffff800bbee3790}
Probably caused by : ndis.sys ( ndis!ndisQueueDpcWorkItem+34 )
Followup: MachineOwner
---------
2: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: fffff800bbee3790, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000008, value 0 = read operation, 1 = write operation
Arg4: fffff800bbee3790, address which referenced memory
Debugging Details:
------------------
READ_ADDRESS: GetPointerFromAddress: unable to read from fffff8000310c100
fffff800bbee3790
CURRENT_IRQL: 2
FAULTING_IP:
+6536656238383738
fffff800`bbee3790 ?? ???
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0xD1
PROCESS_NAME: plugin-contain
TRAP_FRAME: fffff88003192c80 -- (.trap 0xfffff88003192c80)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000001 rbx=0000000000000000 rcx=0000000000000000
rdx=fffffa8006d007c0 rsi=0000000000000000 rdi=0000000000000000
rip=fffff800bbee3790 rsp=fffff88003192e18 rbp=fffffa8006d007c0
r8=0000000000000000 r9=0000000000000000 r10=0000000000000000
r11=0000000000000246 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl zr na po nc
fffff800`bbee3790 ?? ???
Resetting default scope
LAST_CONTROL_TRANSFER: from fffff80002ed91e9 to fffff80002ed9c40
FAILED_INSTRUCTION_ADDRESS:
+6536656238383738
fffff800`bbee3790 ?? ???
STACK_TEXT:
fffff880`03192b38 fffff800`02ed91e9 : 00000000`0000000a fffff800`bbee3790 00000000`00000002 00000000`00000008 : nt!KeBugCheckEx
fffff880`03192b40 fffff800`02ed7e60 : fffffa80`06d007c0 fffff880`0176ad1e fffffa80`06d007c0 fffffa80`06d007c0 : nt!KiBugCheckDispatch+0x69
fffff880`03192c80 fffff800`bbee3790 : fffff880`016f67b4 fffffa80`00000000 fffffa80`00000000 fffff880`031670a0 : nt!KiPageFault+0x260
fffff880`03192e18 fffff880`016f67b4 : fffffa80`00000000 fffffa80`00000000 fffff880`031670a0 00000000`0000000b : 0xfffff800`bbee3790
fffff880`03192e20 fffff880`01700f75 : fffffa80`06d007c0 00000000`00000000 fffffa80`06be21a0 01cccb8e`06153546 : ndis!ndisQueueDpcWorkItem+0x34
fffff880`03192e70 fffff800`02ee50ac : fffffa80`06d007e8 fffffa80`00000000 00000000`00000000 fffff880`03163180 : ndis! ?? ::FNODOBFM::`string'+0x7135
fffff880`03192f00 fffff800`02edc765 : 3f3f3f3f`3f3f3f3f fffffa80`054fbb60 00000000`00000000 fffff880`016e3a00 : nt!KiRetireDpcList+0x1bc
fffff880`03192fb0 fffff800`02edc57c : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KyRetireDpcList+0x5
fffff880`09785be0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiDispatchInterruptContinue
STACK_COMMAND: kb
FOLLOWUP_IP:
ndis!ndisQueueDpcWorkItem+34
fffff880`016f67b4 498d8fc80d0000 lea rcx,[r15+0DC8h]
SYMBOL_STACK_INDEX: 4
SYMBOL_NAME: ndis!ndisQueueDpcWorkItem+34
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: ndis
IMAGE_NAME: ndis.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 4ce79392
FAILURE_BUCKET_ID: X64_0xD1_CODE_AV_BAD_IP_ndis!ndisQueueDpcWorkItem+34
BUCKET_ID: X64_0xD1_CODE_AV_BAD_IP_ndis!ndisQueueDpcWorkItem+34
Followup: MachineOwner
---------
-
Loading Dump File [C:\Users\Mike\Downloads\BSODDmpFiles\Andreas W\Windows_NT6_BSOD_jcgriff2\010612-32541-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\users\mike\documents\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (8 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506
Machine Name:
Kernel base = 0xfffff800`02e5d000 PsLoadedModuleList = 0xfffff800`030a2670
Debug session time: Fri Jan 6 07:48:10.340 2012 (UTC - 7:00)
System Uptime: 1 days 5:01:09.354
Loading Kernel Symbols
...............................................................
................................................................
.......................
Loading User Symbols
Loading unloaded module list
...................
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 50, {fffff8a0222cb058, 0, fffff8800134cdaf, 0}
Could not read faulting driver name
Probably caused by : Ntfs.sys ( Ntfs! ?? ::NNGAKEGL::`string'+11bc0 )
Followup: MachineOwner
---------
2: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
PAGE_FAULT_IN_NONPAGED_AREA (50)
Invalid system memory was referenced. This cannot be protected by try-except,
it must be protected by a Probe. Typically the address is just plain bad or it
is pointing at freed memory.
Arguments:
Arg1: fffff8a0222cb058, memory referenced.
Arg2: 0000000000000000, value 0 = read operation, 1 = write operation.
Arg3: fffff8800134cdaf, If non-zero, the instruction address which referenced the bad memory
address.
Arg4: 0000000000000000, (reserved)
Debugging Details:
------------------
Could not read faulting driver name
READ_ADDRESS: GetPointerFromAddress: unable to read from fffff8000310c100
fffff8a0222cb058
FAULTING_IP:
Ntfs! ?? ::NNGAKEGL::`string'+11bc0
fffff880`0134cdaf 394158 cmp dword ptr [rcx+58h],eax
MM_INTERNAL_CODE: 0
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0x50
PROCESS_NAME: firefox.exe
CURRENT_IRQL: 0
TRAP_FRAME: fffff8800ac68750 -- (.trap 0xfffff8800ac68750)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=000000000002ea5b rbx=0000000000000000 rcx=fffff8a0222cb000
rdx=fffff8a020fe3010 rsi=0000000000000000 rdi=0000000000000000
rip=fffff8800134cdaf rsp=fffff8800ac688e0 rbp=fffffa80054608a0
r8=fffff8a00c92eb40 r9=fffff8800ac68bf8 r10=fffff880012ad180
r11=fffff8800ac68958 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl nz na po nc
Ntfs! ?? ::NNGAKEGL::`string'+0x11bc0:
fffff880`0134cdaf 394158 cmp dword ptr [rcx+58h],eax ds:ea5b:fffff8a0`222cb058=????????
Resetting default scope
LAST_CONTROL_TRANSFER: from fffff80002e859fc to fffff80002ed9c40
STACK_TEXT:
fffff880`0ac685e8 fffff800`02e859fc : 00000000`00000050 fffff8a0`222cb058 00000000`00000000 fffff880`0ac68750 : nt!KeBugCheckEx
fffff880`0ac685f0 fffff800`02ed7d6e : 00000000`00000000 fffff8a0`222cb058 fffff8a0`20fe3000 fffff880`0ac68968 : nt! ?? ::FNODOBFM::`string'+0x4611f
fffff880`0ac68750 fffff880`0134cdaf : fffff8a0`0c92eb40 fffffa80`057c6170 00000000`00000002 fffff880`012608bb : nt!KiPageFault+0x16e
fffff880`0ac688e0 fffff880`012d3f79 : fffff8a0`20fe3140 fffffa80`05460801 fffffa80`057c6100 00210000`0002ea00 : Ntfs! ?? ::NNGAKEGL::`string'+0x11bc0
fffff880`0ac68960 fffff880`012f8179 : fffff880`0acda3b0 fffffa80`054608a0 fffffa80`057c6170 00000000`00000000 : Ntfs!NtfsOpenFile+0x3b9
fffff880`0ac68b50 fffff880`01260a3d : fffffa80`057c6170 fffffa80`054608a0 fffff880`0acda3b0 fffffa80`08e01600 : Ntfs!NtfsCommonCreate+0xc49
fffff880`0ac68d30 fffff800`02ed1757 : fffff880`0acda320 00000000`fff76000 00000000`fff74000 00000000`126cf750 : Ntfs!NtfsCommonCreateCallout+0x1d
fffff880`0ac68d60 fffff800`02ed1711 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KxSwitchKernelStackCallout+0x27
fffff880`0acda1f0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSwitchKernelStackContinue
STACK_COMMAND: kb
FOLLOWUP_IP:
Ntfs! ?? ::NNGAKEGL::`string'+11bc0
fffff880`0134cdaf 394158 cmp dword ptr [rcx+58h],eax
SYMBOL_STACK_INDEX: 3
SYMBOL_NAME: Ntfs! ?? ::NNGAKEGL::`string'+11bc0
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: Ntfs
IMAGE_NAME: Ntfs.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 4d79997b
FAILURE_BUCKET_ID: X64_0x50_Ntfs!_??_::NNGAKEGL::_string_+11bc0
BUCKET_ID: X64_0x50_Ntfs!_??_::NNGAKEGL::_string_+11bc0
Followup: MachineOwner
---------
-
Loading Dump File [C:\Users\Mike\Downloads\BSODDmpFiles\Andreas W\Windows_NT6_BSOD_jcgriff2\010712-20982-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\users\mike\documents\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506
Machine Name:
Kernel base = 0xfffff800`02e59000 PsLoadedModuleList = 0xfffff800`0309e670
Debug session time: Sat Jan 7 10:30:55.444 2012 (UTC - 7:00)
System Uptime: 1 days 2:00:16.045
Loading Kernel Symbols
...............................................................
................................................................
....................
Loading User Symbols
Loading unloaded module list
.................................
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 19, {3, fffffa8004e78a10, 6e006500730075, fa800905609004c0}
Probably caused by : Pool_Corruption ( nt!ExDeferredFreePool+a53 )
Followup: Pool_corruption
---------
3: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
BAD_POOL_HEADER (19)
The pool is already corrupt at the time of the current request.
This may or may not be due to the caller.
The internal pool links must be walked to figure out a possible cause of
the problem, and then special pool applied to the suspect tags or the driver
verifier to a suspect driver.
Arguments:
Arg1: 0000000000000003, the pool freelist is corrupt.
Arg2: fffffa8004e78a10, the pool entry being checked.
Arg3: 006e006500730075, the read back flink freelist value (should be the same as 2).
Arg4: fa800905609004c0, the read back blink freelist value (should be the same as 2).
Debugging Details:
------------------
BUGCHECK_STR: 0x19_3
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
PROCESS_NAME: RtWLan.exe
CURRENT_IRQL: 0
LAST_CONTROL_TRANSFER: from fffff800030034b3 to fffff80002ed5c40
STACK_TEXT:
fffff880`09ae97a8 fffff800`030034b3 : 00000000`00000019 00000000`00000003 fffffa80`04e78a10 006e0065`00730075 : nt!KeBugCheckEx
fffff880`09ae97b0 fffff800`031cfa5f : 00000000`00000002 fffffa80`04e84d08 00000000`00000000 fffff800`00000000 : nt!ExDeferredFreePool+0xa53
fffff880`09ae98a0 fffff800`031cf87b : fffffa80`00000000 fffffa80`04efe300 fffffa80`00000050 fffff880`09ae9948 : nt!ObpAllocateObject+0x12f
fffff880`09ae9910 fffff800`0319de54 : fffff880`09ae9a68 00000000`00000001 fffff8a0`103a06f0 fffff8a0`1745b780 : nt!ObCreateObject+0xdb
fffff880`09ae9980 fffff800`031aa433 : fffff880`09ae9ae8 fffffa80`0826b960 fffff8a0`1745b780 00000000`040de7d0 : nt!SepDuplicateToken+0xf4
fffff880`09ae9a20 fffff800`0319bff7 : fffff8a0`0f8ea5c0 fffffa80`05306000 fffffa80`0826b960 00000000`00000090 : nt!SeCopyClientToken+0x5f
fffff880`09ae9ab0 fffff800`031aaa63 : 00000000`00000000 ffffffff`ffffffff ffffffff`ffffffff fffffa80`05306060 : nt!SepCreateClientSecurity+0xb7
fffff880`09ae9ae0 fffff800`03174975 : 00000000`0341a3f8 00000000`00000001 fffff880`09ae9bc8 fffff880`09ae9c38 : nt!AlpcpCreateSecurityContext+0xe7
fffff880`09ae9b80 fffff800`02ed4ed3 : fffffa80`081e3b60 00000000`7ef9e000 00000000`7ef9e000 00000000`7ef9e000 : nt!NtAlpcCreateSecurityContext+0x130
fffff880`09ae9c20 00000000`77bf1aaa : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`040de7e8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x77bf1aaa
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!ExDeferredFreePool+a53
fffff800`030034b3 cc int 3
SYMBOL_STACK_INDEX: 1
SYMBOL_NAME: nt!ExDeferredFreePool+a53
FOLLOWUP_NAME: Pool_corruption
IMAGE_NAME: Pool_Corruption
DEBUG_FLR_IMAGE_TIMESTAMP: 0
MODULE_NAME: Pool_Corruption
FAILURE_BUCKET_ID: X64_0x19_3_nt!ExDeferredFreePool+a53
BUCKET_ID: X64_0x19_3_nt!ExDeferredFreePool+a53
Followup: Pool_corruption
---------
-
Loading Dump File [C:\Users\Mike\Downloads\BSODDmpFiles\Andreas W\Windows_NT6_BSOD_jcgriff2\010812-18267-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\users\mike\documents\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506
Machine Name:
Kernel base = 0xfffff800`02e03000 PsLoadedModuleList = 0xfffff800`03048670
Debug session time: Sun Jan 8 14:28:58.722 2012 (UTC - 7:00)
System Uptime: 0 days 22:43:40.111
Loading Kernel Symbols
...............................................................
................................................................
......................
Loading User Symbols
Loading unloaded module list
.................
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck A, {18000000448, 2, 1, fffff80002f2afcf}
Probably caused by : memory_corruption ( nt!MiIdentifyPfn+26f )
Followup: MachineOwner
---------
0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: 0000018000000448, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000001, bitfield :
bit 0 : value 0 = read operation, 1 = write operation
bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: fffff80002f2afcf, address which referenced memory
Debugging Details:
------------------
WRITE_ADDRESS: GetPointerFromAddress: unable to read from fffff800030b2100
0000018000000448
CURRENT_IRQL: 2
FAULTING_IP:
nt!MiIdentifyPfn+26f
fffff800`02f2afcf f0410fba6e481f lock bts dword ptr [r14+48h],1Fh
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0xA
PROCESS_NAME: svchost.exe
TRAP_FRAME: fffff8800833a4e0 -- (.trap 0xfffff8800833a4e0)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000001 rbx=0000000000000000 rcx=0a00000000000020
rdx=00000000000155fc rsi=0000000000000000 rdi=0000000000000000
rip=fffff80002f2afcf rsp=fffff8800833a670 rbp=fffffa8005ba0010
r8=0000000000015629 r9=0000000000000001 r10=0000000000000042
r11=0000058000000000 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei ng nz ac po nc
nt!MiIdentifyPfn+0x26f:
fffff800`02f2afcf f0410fba6e481f lock bts dword ptr [r14+48h],1Fh ds:00000000`00000048=????????
Resetting default scope
LAST_CONTROL_TRANSFER: from fffff80002e7f1e9 to fffff80002e7fc40
STACK_TEXT:
fffff880`0833a398 fffff800`02e7f1e9 : 00000000`0000000a 00000180`00000448 00000000`00000002 00000000`00000001 : nt!KeBugCheckEx
fffff880`0833a3a0 fffff800`02e7de60 : 00000000`42506650 00000000`00000000 00000000`00000000 02000000`001759af : nt!KiBugCheckDispatch+0x69
fffff880`0833a4e0 fffff800`02f2afcf : 00000000`00000000 02000000`000d1ea3 fffff880`0833a690 00000000`00000018 : nt!KiPageFault+0x260
fffff880`0833a670 fffff800`02f2bc7b : 00000000`00000000 00000000`00000004 fffffa80`0832bf28 fffffa80`0832b000 : nt!MiIdentifyPfn+0x26f
fffff880`0833a710 fffff800`032907e5 : fffffa80`0832b000 fffff880`0833aca0 fffff880`0833a7e8 00000000`00000000 : nt!MmQueryPfnList+0xbb
fffff880`0833a750 fffff800`031d34c8 : 00000000`00000006 00000000`00000000 fffffa80`0832b000 00000000`00000001 : nt!PfpPfnPrioRequest+0x115
fffff880`0833a7a0 fffff800`03189bd3 : 00000000`00000000 00000000`00000000 fffffa80`06d36000 fffffa80`0762b001 : nt! ?? ::NNGAKEGL::`string'+0x4810d
fffff880`0833a830 fffff800`0318a449 : 00000000`0114b7c8 00000000`01854b80 00000000`0114b820 00000000`00000000 : nt!ExpQuerySystemInformation+0x1193
fffff880`0833abe0 fffff800`02e7eed3 : 00000000`00000005 fffff880`0833aca0 00000000`07541280 00000000`01854770 : nt!NtQuerySystemInformation+0x4d
fffff880`0833ac20 00000000`7764167a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`0114b6f8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x7764167a
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!MiIdentifyPfn+26f
fffff800`02f2afcf f0410fba6e481f lock bts dword ptr [r14+48h],1Fh
SYMBOL_STACK_INDEX: 3
SYMBOL_NAME: nt!MiIdentifyPfn+26f
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
DEBUG_FLR_IMAGE_TIMESTAMP: 4e02aaa3
IMAGE_NAME: memory_corruption
FAILURE_BUCKET_ID: X64_0xA_nt!MiIdentifyPfn+26f
BUCKET_ID: X64_0xA_nt!MiIdentifyPfn+26f
Followup: MachineOwner
---------
Please remove any CD/DVD virtualization software, such as Daemon Tools/Alcohol 120%, as they use a driver called sptd.sys that is known to cause BSODs. After their removal, use the