Random BSOD, mostly when gaming


  1. Posts : 309
    Windows 7 Home Premium x64
       #1

    Random BSOD, mostly when gaming


    Hi

    So I am getting a few random BSOD happens most of the times when I play games.

    I have runned prime95 for a couple of hours with no errors
    I have runned memtest+ for 4 hours and no errors

    Might need to write down that I am running 2 computer screens of my nVidia gtx 260, 1 with the resolution of 900x1600 & the other 1920x1080.

    System Spec:
    Windows 7 x64
    OEM version that I have bought myself so Full Retail
    Age on the hardware hard to say dont quite remember but 2-3 years maybe
    Last time I reinstalled windows 7 was a year back I belive, I am rather bad with remember stuff like that.

    Think that is about all info needed from reading the BSOD posting instructions
      My Computer


  2. Posts : 11,269
    Windows 7 Home Premium 64 Bit
       #2

    Code:
    1. Loading Dump File [C:\Users\Mike\Downloads\BSODDmpFiles\Andreas W\Windows_NT6_BSOD_jcgriff2\123011-25662-01.dmp] Mini Kernel Dump File: Only registers and stack trace are available Symbol search path is: SRV*c:\users\mike\documents\symbols*http://msdl.microsoft.com/download/symbols Executable search path is: Windows 7 Kernel Version 7601 (Service Pack 1) MP (8 procs) Free x64 Product: WinNt, suite: TerminalServer SingleUserTS Personal Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506 Machine Name: Kernel base = 0xfffff800`02c11000 PsLoadedModuleList = 0xfffff800`02e56670 Debug session time: Fri Dec 30 11:40:21.047 2011 (UTC - 7:00) System Uptime: 0 days 0:00:39.920 Loading Kernel Symbols ............................................................... ................................................................ ................. Loading User Symbols Loading unloaded module list ...... ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* Use !analyze -v to get detailed debugging information. BugCheck A, {80f0, 2, 0, fffff80002c91544} Probably caused by : memory_corruption Followup: memory_corruption --------- 6: kd> !analyze -v ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* IRQL_NOT_LESS_OR_EQUAL (a) An attempt was made to access a pageable (or completely invalid) address at an interrupt request level (IRQL) that is too high. This is usually caused by drivers using improper addresses. If a kernel debugger is available get the stack backtrace. Arguments: Arg1: 00000000000080f0, memory referenced Arg2: 0000000000000002, IRQL Arg3: 0000000000000000, bitfield : bit 0 : value 0 = read operation, 1 = write operation bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status) Arg4: fffff80002c91544, address which referenced memory Debugging Details: ------------------ READ_ADDRESS: GetPointerFromAddress: unable to read from fffff80002ec0100 00000000000080f0 CURRENT_IRQL: 2 FAULTING_IP: nt!IopfCompleteRequest+864 fffff800`02c91544 488b8c00f0000000 mov rcx,qword ptr [rax+rax+0F0h] CUSTOMER_CRASH_COUNT: 1 DEFAULT_BUCKET_ID: CODE_CORRUPTION BUGCHECK_STR: 0xA PROCESS_NAME: Skype.exe TRAP_FRAME: fffff88009295280 -- (.trap 0xfffff88009295280) NOTE: The trap frame does not contain all registers. Some register values may be zeroed or incorrect. rax=0000000000004000 rbx=0000000000000000 rcx=fffffa80086f02e0 rdx=0000000000000001 rsi=0000000000000000 rdi=0000000000000000 rip=fffff80002c91544 rsp=fffff88009295410 rbp=0000000000000002 r8=000000000000000b r9=0000000000000727 r10=0000000000000000 r11=fffff880092954f8 r12=0000000000000000 r13=0000000000000000 r14=0000000000000000 r15=0000000000000000 iopl=0 nv up ei pl zr na po nc nt!IopfCompleteRequest+0x864: fffff800`02c91544 488b8c00f0000000 mov rcx,qword ptr [rax+rax+0F0h] ds:5430:00000000`000080f0=???????????????? Resetting default scope LAST_CONTROL_TRANSFER: from fffff80002c8d1e9 to fffff80002c8dc40 STACK_TEXT: fffff880`09295138 fffff800`02c8d1e9 : 00000000`0000000a 00000000`000080f0 00000000`00000002 00000000`00000000 : nt!KeBugCheckEx fffff880`09295140 fffff800`02c8be60 : 00000000`00000000 fffff800`02c9574f fffff880`092956d0 00000000`00000042 : nt!KiBugCheckDispatch+0x69 fffff880`09295280 fffff800`02c91544 : 00000000`00fc3400 fffff800`02d928ee fffffa80`20707249 fffffa80`07fda630 : nt!KiPageFault+0x260 fffff880`09295410 fffff880`012103ea : fffff880`092956d0 00000000`00000001 fffff880`09295830 00000000`00000000 : nt!IopfCompleteRequest+0x864 fffff880`09295500 fffff880`01210a68 : fffff880`092956d0 fffffa80`088dac10 fffff880`09295801 fffffa80`08747001 : Ntfs!NtfsCommonRead+0x1bbe fffff880`092956a0 fffff880`00dabbcf : fffffa80`088dafb0 fffffa80`088dac10 fffffa80`08747010 00000000`00000000 : Ntfs!NtfsFsdRead+0x1b8 fffff880`092958b0 fffff880`00daa6df : fffffa80`05f2ea30 fffffa80`07fda601 fffffa80`05f2ea00 fffffa80`088dac10 : fltmgr!FltpLegacyProcessingAfterPreCallbacksCompleted+0x24f fffff880`09295940 fffff800`02cb5bc5 : fffffa80`088dac30 fffffa80`0870fa90 fffffa80`086f0350 00000000`0237e000 : fltmgr!FltpDispatch+0xcf fffff880`092959a0 fffff800`02cb5699 : 15f00001`0cf5e201 15f00001`0cf5e201 fffffa80`086f0290 00000000`00000018 : nt!IoPageRead+0x255 fffff880`09295a30 fffff800`02c9c02a : 00000000`00000000 00000000`00000000 ffffffff`ffffffff 00000000`00000000 : nt!MiIssueHardFault+0x255 fffff880`09295ac0 fffff800`02c8bd6e : 00000000`00000000 00000000`0237e000 fffffa80`00000001 00000000`0018ff60 : nt!MmAccessFault+0x146a fffff880`09295c20 00000000`005a3603 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiPageFault+0x16e 00000000`00189f78 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x5a3603 STACK_COMMAND: kb CHKIMG_EXTENSION: !chkimg -lo 50 -db !nt 14 errors : !nt (fffff80002c91547-fffff80002c915ff) fffff80002c91540 91 5a fe ff 48 8b 8c *00 f0 00 00 00 44 8b 8c *00 .Z..H.......D... fffff80002c91550 f8 00 00 00 45 32 ff *00 89 8c 24 00 01 00 00 *00 ....E2....$..... fffff80002c91560 89 8c 24 f0 00 00 00 *00 ff 85 00 4b 00 00 f0 *00 ..$........K.... fffff80002c91570 0f ba ae 80 04 00 00 00 0f 82 82 5a fe ff 0f *00 ...........Z.... ... fffff80002c915c0 fe ff 48 8b 84 24 f0 00 00 00 45 32 c0 f0 48 *00 ..H..$....E2..H. fffff80002c915d0 21 00 45 84 c0 0f 85 *06 5a fe ff 41 0f b6 c4 *00 !.E.....Z..A.... fffff80002c915e0 0f 22 c0 e9 9d fa ff *d5 44 39 66 04 0f 84 31 *d8 ."......D9f...1. fffff80002c915f0 ff ff 45 8b f4 e9 a1 *62 ff ff 4c 8b 7e 08 4c *82 ..E....b..L.~.L. MODULE_NAME: memory_corruption IMAGE_NAME: memory_corruption FOLLOWUP_NAME: memory_corruption DEBUG_FLR_IMAGE_TIMESTAMP: 0 MEMORY_CORRUPTOR: STRIDE FAILURE_BUCKET_ID: X64_MEMORY_CORRUPTION_STRIDE BUCKET_ID: X64_MEMORY_CORRUPTION_STRIDE Followup: memory_corruption ---------
    2. Loading Dump File [C:\Users\Mike\Downloads\BSODDmpFiles\Andreas W\Windows_NT6_BSOD_jcgriff2\123011-18782-01.dmp] Mini Kernel Dump File: Only registers and stack trace are available Symbol search path is: SRV*c:\users\mike\documents\symbols*http://msdl.microsoft.com/download/symbols Executable search path is: Windows 7 Kernel Version 7601 (Service Pack 1) MP (8 procs) Free x64 Product: WinNt, suite: TerminalServer SingleUserTS Personal Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506 Machine Name: Kernel base = 0xfffff800`02c5b000 PsLoadedModuleList = 0xfffff800`02ea0670 Debug session time: Fri Dec 30 11:51:47.000 2011 (UTC - 7:00) System Uptime: 0 days 0:00:20.999 Loading Kernel Symbols ............................................................... ............................................................... Loading User Symbols Loading unloaded module list ...... Unable to load image \SystemRoot\system32\DRIVERS\rtl8192Ce.sys, Win32 error 0n2 *** WARNING: Unable to verify timestamp for rtl8192Ce.sys *** ERROR: Module load completed but symbols could not be loaded for rtl8192Ce.sys ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* Use !analyze -v to get detailed debugging information. BugCheck 1000007E, {ffffffffc0000005, fffff880046be788, fffff8800353f868, fffff8800353f0c0} Probably caused by : rtl8192Ce.sys ( rtl8192Ce+a8788 ) Followup: MachineOwner --------- 4: kd> !analyze -v ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M (1000007e) This is a very common bugcheck. Usually the exception address pinpoints the driver/function that caused the problem. Always note this address as well as the link date of the driver/image that contains this address. Some common problems are exception code 0x80000003. This means a hard coded breakpoint or assertion was hit, but this system was booted /NODEBUG. This is not supposed to happen as developers should never have hardcoded breakpoints in retail code, but ... If this happens, make sure a debugger gets connected, and the system is booted /DEBUG. This will let us see why this breakpoint is happening. Arguments: Arg1: ffffffffc0000005, The exception code that was not handled Arg2: fffff880046be788, The address that the exception occurred at Arg3: fffff8800353f868, Exception Record Address Arg4: fffff8800353f0c0, Context Record Address Debugging Details: ------------------ EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s. FAULTING_IP: rtl8192Ce+a8788 fffff880`046be788 480fbae10e bt rcx,0Eh EXCEPTION_RECORD: fffff8800353f868 -- (.exr 0xfffff8800353f868) ExceptionAddress: fffff880046be788 (rtl8192Ce+0x00000000000a8788) ExceptionCode: c0000005 (Access violation) ExceptionFlags: 00000000 NumberParameters: 2 Parameter[0]: 0000000000000001 Parameter[1]: 000000000000000e Attempt to write to address 000000000000000e CONTEXT: fffff8800353f0c0 -- (.cxr 0xfffff8800353f0c0) rax=0000000000000000 rbx=fffffa8006ff6000 rcx=0000000000000000 rdx=0000000000000000 rsi=0000000000000000 rdi=fffffa80071be000 rip=fffff880046be788 rsp=fffff8800353faa0 rbp=0000000000000000 r8=0000000000000000 r9=fffff8800353fb00 r10=fffffa80071be000 r11=fffff8800353fad0 r12=000000000060a42b r13=0000000000000000 r14=0000000000000000 r15=000000000060a42b iopl=0 nv up ei pl zr na po nc cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010246 rtl8192Ce+0xa8788: fffff880`046be788 480fbae10e bt rcx,0Eh Resetting default scope CUSTOMER_CRASH_COUNT: 1 PROCESS_NAME: System CURRENT_IRQL: 0 ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s. EXCEPTION_PARAMETER1: 0000000000000001 EXCEPTION_PARAMETER2: 000000000000000e WRITE_ADDRESS: GetPointerFromAddress: unable to read from fffff80002f0a100 000000000000000e FOLLOWUP_IP: rtl8192Ce+a8788 fffff880`046be788 480fbae10e bt rcx,0Eh BUGCHECK_STR: 0x7E DEFAULT_BUCKET_ID: NULL_CLASS_PTR_DEREFERENCE LAST_CONTROL_TRANSFER: from fffffa8006ff6000 to fffff880046be788 STACK_TEXT: fffff880`0353faa0 fffffa80`06ff6000 : 00000000`00000000 fffffa80`06d8d010 fffffa80`071be000 00000000`00000000 : rtl8192Ce+0xa8788 fffff880`0353faa8 00000000`00000000 : fffffa80`06d8d010 fffffa80`071be000 00000000`00000000 00000000`00000000 : 0xfffffa80`06ff6000 SYMBOL_STACK_INDEX: 0 SYMBOL_NAME: rtl8192Ce+a8788 FOLLOWUP_NAME: MachineOwner MODULE_NAME: rtl8192Ce IMAGE_NAME: rtl8192Ce.sys DEBUG_FLR_IMAGE_TIMESTAMP: 4d91b0db STACK_COMMAND: .cxr 0xfffff8800353f0c0 ; kb FAILURE_BUCKET_ID: X64_0x7E_rtl8192Ce+a8788 BUCKET_ID: X64_0x7E_rtl8192Ce+a8788 Followup: MachineOwner ---------
    3. Loading Dump File [C:\Users\Mike\Downloads\BSODDmpFiles\Andreas W\Windows_NT6_BSOD_jcgriff2\123011-20904-01.dmp] Mini Kernel Dump File: Only registers and stack trace are available Symbol search path is: SRV*c:\users\mike\documents\symbols*http://msdl.microsoft.com/download/symbols Executable search path is: Windows 7 Kernel Version 7601 (Service Pack 1) MP (8 procs) Free x64 Product: WinNt, suite: TerminalServer SingleUserTS Personal Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506 Machine Name: Kernel base = 0xfffff800`02c4b000 PsLoadedModuleList = 0xfffff800`02e90670 Debug session time: Fri Dec 30 12:22:49.214 2011 (UTC - 7:00) System Uptime: 0 days 0:00:46.197 Loading Kernel Symbols ............................................................... ................................................................ ................... Loading User Symbols Loading unloaded module list ...... ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* Use !analyze -v to get detailed debugging information. BugCheck D1, {0, 2, 1, fffff8800090960d} Probably caused by : afd.sys ( afd!AfdPoll32+562 ) Followup: MachineOwner --------- 0: kd> !analyze -v ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1) An attempt was made to access a pageable (or completely invalid) address at an interrupt request level (IRQL) that is too high. This is usually caused by drivers using improper addresses. If kernel debugger is available get stack backtrace. Arguments: Arg1: 0000000000000000, memory referenced Arg2: 0000000000000002, IRQL Arg3: 0000000000000001, value 0 = read operation, 1 = write operation Arg4: fffff8800090960d, address which referenced memory Debugging Details: ------------------ WRITE_ADDRESS: GetPointerFromAddress: unable to read from fffff80002efa100 0000000000000000 CURRENT_IRQL: 2 FAULTING_IP: +3861343666623665 fffff880`0090960d ?? ??? CUSTOMER_CRASH_COUNT: 1 DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT BUGCHECK_STR: 0xD1 PROCESS_NAME: Steam.exe TRAP_FRAME: fffff88008a73730 -- (.trap 0xfffff88008a73730) NOTE: The trap frame does not contain all registers. Some register values may be zeroed or incorrect. rax=0000000000000000 rbx=0000000000000000 rcx=fffffa800858aa50 rdx=000000000000019f rsi=0000000000000000 rdi=0000000000000000 rip=fffff8800090960d rsp=fffff88008a738c8 rbp=fffffa8008ed3660 r8=000000000000afd1 r9=0000000000000000 r10=0000000000000004 r11=000000000000afd0 r12=0000000000000000 r13=0000000000000000 r14=0000000000000000 r15=0000000000000000 iopl=0 nv up ei pl zr na po nc fffff880`0090960d ?? ??? Resetting default scope LAST_CONTROL_TRANSFER: from fffff80002cc71e9 to fffff80002cc7c40 STACK_TEXT: fffff880`08a735e8 fffff800`02cc71e9 : 00000000`0000000a 00000000`00000000 00000000`00000002 00000000`00000001 : nt!KeBugCheckEx fffff880`08a735f0 fffff800`02cc5e60 : 00000000`00000000 fffff800`02cca6ef 00000000`00000018 fffff880`08a739f0 : nt!KiBugCheckDispatch+0x69 fffff880`08a73730 fffff880`0090960d : fffff880`014624e2 00000000`00000000 00000000`00000000 fffffa80`07d6b620 : nt!KiPageFault+0x260 fffff880`08a738c8 fffff880`014624e2 : 00000000`00000000 00000000`00000000 fffffa80`07d6b620 00000000`000001a4 : 0xfffff880`0090960d fffff880`08a738d0 fffff880`01454fe5 : fffffa80`0627a900 fffffa80`08ed3700 00000000`00000000 00000000`00000000 : afd!AfdPoll32+0x562 fffff880`08a739e0 fffff800`02fe2a97 : fffffa80`07c6b610 fffff880`08a73ca0 fffffa80`07d6b810 fffffa80`07d6b620 : afd! ?? ::GFJBLGFE::`string'+0x1f35 fffff880`08a73a10 fffff800`02fe32f6 : fffff880`08a73bf8 00000000`000005b4 00000000`00000001 00000000`00000000 : nt!IopXxxControlFile+0x607 fffff880`08a73b40 fffff800`02cc6ed3 : fffff880`08a73ca0 fffffa80`08cf0060 fffff880`08a73bf8 fffff880`08a73c00 : nt!NtDeviceIoControlFile+0x56 fffff880`08a73bb0 00000000`72fe2e09 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 00000000`03b9f0f8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x72fe2e09 STACK_COMMAND: kb FOLLOWUP_IP: afd!AfdPoll32+562 fffff880`014624e2 8bf8 mov edi,eax SYMBOL_STACK_INDEX: 4 SYMBOL_NAME: afd!AfdPoll32+562 FOLLOWUP_NAME: MachineOwner MODULE_NAME: afd IMAGE_NAME: afd.sys DEBUG_FLR_IMAGE_TIMESTAMP: 4db4dd96 FAILURE_BUCKET_ID: X64_0xD1_afd!AfdPoll32+562 BUCKET_ID: X64_0xD1_afd!AfdPoll32+562 Followup: MachineOwner ---------
    4. Loading Dump File [C:\Users\Mike\Downloads\BSODDmpFiles\Andreas W\Windows_NT6_BSOD_jcgriff2\010112-17456-01.dmp] Mini Kernel Dump File: Only registers and stack trace are available Symbol search path is: SRV*c:\users\mike\documents\symbols*http://msdl.microsoft.com/download/symbols Executable search path is: Windows 7 Kernel Version 7601 (Service Pack 1) MP (8 procs) Free x64 Product: WinNt, suite: TerminalServer SingleUserTS Personal Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506 Machine Name: Kernel base = 0xfffff800`02c5f000 PsLoadedModuleList = 0xfffff800`02ea4670 Debug session time: Sat Dec 31 21:30:20.766 2011 (UTC - 7:00) System Uptime: 0 days 1:09:32.735 Loading Kernel Symbols ............................................................... ................................................................ .................... Loading User Symbols Loading unloaded module list ........... ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* Use !analyze -v to get detailed debugging information. BugCheck 1A, {41287, 7feef3870e, 0, 0} Probably caused by : ntkrnlmp.exe ( nt! ?? ::FNODOBFM::`string'+46485 ) Followup: MachineOwner --------- 0: kd> !analyze -v ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* MEMORY_MANAGEMENT (1a) # Any other values for parameter 1 must be individually examined. Arguments: Arg1: 0000000000041287, The subtype of the bugcheck. Arg2: 0000007feef3870e Arg3: 0000000000000000 Arg4: 0000000000000000 Debugging Details: ------------------ BUGCHECK_STR: 0x1a_41287 CUSTOMER_CRASH_COUNT: 1 DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT PROCESS_NAME: Might & Magic CURRENT_IRQL: 0 TRAP_FRAME: fffff8800b167580 -- (.trap 0xfffff8800b167580) NOTE: The trap frame does not contain all registers. Some register values may be zeroed or incorrect. rax=00000000000000fd rbx=0000000000000000 rcx=0000000000000001 rdx=0000000000000001 rsi=0000000000000000 rdi=0000000000000000 rip=fffff80002cfc5fd rsp=fffff8800b167710 rbp=fffffa800524a4c0 r8=0000000000000001 r9=fffff80002c5f000 r10=fffff8800b1677b8 r11=0000000000000000 r12=0000000000000000 r13=0000000000000000 r14=0000000000000000 r15=0000000000000000 iopl=0 nv up ei pl nz ac pe nc nt!RtlClearBits+0x3d: fffff800`02cfc5fd 2006 and byte ptr [rsi],al ds:5000:00000000`00000000=?? Resetting default scope LAST_CONTROL_TRANSFER: from fffff80002c6ed7e to fffff80002cdbc40 STACK_TEXT: fffff880`0b167128 fffff800`02c6ed7e : 00000000`0000001a 00000000`00041287 0000007f`eef3870e 00000000`00000000 : nt!KeBugCheckEx fffff880`0b167130 fffff800`02cd9d6e : 00000000`00000000 0000007f`eef3870e 00000000`00000200 2ae00001`431e3921 : nt! ?? ::FNODOBFM::`string'+0x46485 fffff880`0b167290 fffff800`02cea4c0 : fffffa80`0524a4c0 fffff880`012fbb74 fffffa80`05f02b00 fffff880`0b167630 : nt!KiPageFault+0x16e fffff880`0b167420 fffff800`02cd9d6e : 00000000`00000001 fffff980`065e4732 fffffa80`05f09800 00000000`00000001 : nt!MmAccessFault+0x1900 fffff880`0b167580 fffff800`02cfc5fd : ffff0000`0a3fb4d2 00000000`00000000 00000000`00000008 00000000`00000000 : nt!KiPageFault+0x16e fffff880`0b167710 fffff880`012d1bf6 : 00000000`00000001 00000000`00000000 00000000`00000000 00000000`00000000 : nt!RtlClearBits+0x3d fffff880`0b167740 fffff880`012d2730 : fffffa80`0524a4c0 00000000`00000000 fffffa80`0524a4c0 fffff880`0b167858 : Ntfs!NtfsFreeBitmapRun+0x1c6 fffff880`0b167810 fffff880`012d2d56 : fffffa80`0524a4c0 fffffa80`06166180 fffff8a0`0c515860 00000000`00000003 : Ntfs!NtfsDeallocateClusters+0x310 fffff880`0b167900 fffff880`012d2340 : fffffa80`0524a4c0 fffff8a0`0c515860 00000000`00000000 fffffa80`0524a400 : Ntfs!NtfsDeleteAllocationInternal+0x86 fffff880`0b167a70 fffff880`012caa46 : fffffa80`0524a4c0 fffffa80`08936280 fffffa80`0524a400 00000000`00000000 : Ntfs!NtfsDeleteAllocation+0x290 fffff880`0b167b50 fffff880`012c9ad1 : fffffa80`0524a4c0 fffffa80`050a6968 fffff8a0`0c515730 00000000`00000020 : Ntfs!NtfsReplaceAttribute+0x16e fffff880`0b167c40 fffff880`012d6f75 : fffffa80`0524a4c0 fffffa80`050a6610 fffff8a0`0c515ac8 fffff8a0`0c515700 : Ntfs!NtfsOverwriteAttr+0x585 fffff880`0b167da0 fffff880`012da09f : fffffa80`0524a4c0 fffffa80`050a6610 fffff8a0`0c515ac8 fffff880`00000070 : Ntfs!NtfsOpenAttributeInExistingFile+0x6e5 fffff880`0b167f30 fffff880`012ea166 : fffffa80`0524a4c0 fffffa80`050a6610 fffff8a0`0c515ac8 00000000`00000705 : Ntfs!NtfsOpenExistingPrefixFcb+0x1ef fffff880`0b168020 fffff880`012e7911 : fffffa80`0524a4c0 fffffa80`050a6610 fffff880`0b1681f0 fffff880`0b168240 : Ntfs!NtfsFindStartingNode+0x5e6 fffff880`0b1680f0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : Ntfs!NtfsCommonCreate+0x3e1 STACK_COMMAND: kb FOLLOWUP_IP: nt! ?? ::FNODOBFM::`string'+46485 fffff800`02c6ed7e cc int 3 SYMBOL_STACK_INDEX: 1 SYMBOL_NAME: nt! ?? ::FNODOBFM::`string'+46485 FOLLOWUP_NAME: MachineOwner MODULE_NAME: nt IMAGE_NAME: ntkrnlmp.exe DEBUG_FLR_IMAGE_TIMESTAMP: 4e02aaa3 FAILURE_BUCKET_ID: X64_0x1a_41287_nt!_??_::FNODOBFM::_string_+46485 BUCKET_ID: X64_0x1a_41287_nt!_??_::FNODOBFM::_string_+46485 Followup: MachineOwner ---------
    5. Loading Dump File [C:\Users\Mike\Downloads\BSODDmpFiles\Andreas W\Windows_NT6_BSOD_jcgriff2\010312-20529-01.dmp] Mini Kernel Dump File: Only registers and stack trace are available Symbol search path is: SRV*c:\users\mike\documents\symbols*http://msdl.microsoft.com/download/symbols Executable search path is: Windows 7 Kernel Version 7601 (Service Pack 1) MP (8 procs) Free x64 Product: WinNt, suite: TerminalServer SingleUserTS Personal Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506 Machine Name: Kernel base = 0xfffff800`02c14000 PsLoadedModuleList = 0xfffff800`02e59670 Debug session time: Mon Jan 2 16:36:15.156 2012 (UTC - 7:00) System Uptime: 0 days 0:03:46.093 Loading Kernel Symbols ............................................................... ................................................................ ..................... Loading User Symbols Loading unloaded module list ....... ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* Use !analyze -v to get detailed debugging information. BugCheck C7, {4, fffff80002d42760, d720, 0} Probably caused by : ntkrnlmp.exe ( nt!PpmCheckRun+0 ) Followup: MachineOwner --------- 5: kd> !analyze -v ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* TIMER_OR_DPC_INVALID (c7) Kernel timer or DPC used incorrectly. Arguments: Arg1: 0000000000000004, Thread APC disable count was changed during DPC routine execution. Arg2: fffff80002d42760, Address of the DPC routine. Arg3: 000000000000d720, Thread APC disable count before calling DPC routine. Arg4: 0000000000000000, Thread APC disable count after calling DPC routine. The APC disable count is decremented each time a driver calls KeEnterCriticalRegion, FsRtlEnterFileSystem, or acquires a mutex. The APC disable count is incremented each time a driver calls KeLeaveCriticalRegion, FsRtlExitFileSystem, or KeReleaseMutex. Debugging Details: ------------------ INVALID_DPC_FOUND: fffff80002d42760 FAULTING_IP: nt!PpmCheckRun+0 fffff800`02d42760 4883ec28 sub rsp,28h CUSTOMER_CRASH_COUNT: 1 DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT BUGCHECK_STR: 0xC7 PROCESS_NAME: System CURRENT_IRQL: 2 LAST_CONTROL_TRANSFER: from fffff80002d12e2e to fffff80002c90c40 STACK_TEXT: fffff880`032afcc8 fffff800`02d12e2e : 00000000`000000c7 00000000`00000004 fffff800`02d42760 00000000`0000d720 : nt!KeBugCheckEx fffff880`032afcd0 fffff800`02c8896a : fffff880`03287180 fffff880`032920c0 00000000`00000000 fffff800`02d42760 : nt! ?? ::FNODOBFM::`string'+0x58f56 fffff880`032afd80 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiIdleLoop+0x5a STACK_COMMAND: .bugcheck ; kb FOLLOWUP_IP: nt!PpmCheckRun+0 fffff800`02d42760 4883ec28 sub rsp,28h SYMBOL_NAME: nt!PpmCheckRun+0 FOLLOWUP_NAME: MachineOwner MODULE_NAME: nt IMAGE_NAME: ntkrnlmp.exe DEBUG_FLR_IMAGE_TIMESTAMP: 4e02aaa3 FAILURE_BUCKET_ID: X64_0xC7_nt!PpmCheckRun+0 BUCKET_ID: X64_0xC7_nt!PpmCheckRun+0 Followup: MachineOwner ---------
    6. Loading Dump File [C:\Users\Mike\Downloads\BSODDmpFiles\Andreas W\Windows_NT6_BSOD_jcgriff2\010512-22323-01.dmp] Mini Kernel Dump File: Only registers and stack trace are available Symbol search path is: SRV*c:\users\mike\documents\symbols*http://msdl.microsoft.com/download/symbols Executable search path is: Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64 Product: WinNt, suite: TerminalServer SingleUserTS Personal Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506 Machine Name: Kernel base = 0xfffff800`02e49000 PsLoadedModuleList = 0xfffff800`0308e670 Debug session time: Wed Jan 4 16:05:25.595 2012 (UTC - 7:00) System Uptime: 0 days 22:45:52.594 Loading Kernel Symbols ............................................................... ................................................................ ...................... Loading User Symbols Loading unloaded module list ................ ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* Use !analyze -v to get detailed debugging information. BugCheck 50, {fffff900c363c828, 0, fffff960001a3fef, 0} Could not read faulting driver name Probably caused by : win32k.sys ( win32k!TimersProc+73 ) Followup: MachineOwner --------- 2: kd> !analyze -v ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* PAGE_FAULT_IN_NONPAGED_AREA (50) Invalid system memory was referenced. This cannot be protected by try-except, it must be protected by a Probe. Typically the address is just plain bad or it is pointing at freed memory. Arguments: Arg1: fffff900c363c828, memory referenced. Arg2: 0000000000000000, value 0 = read operation, 1 = write operation. Arg3: fffff960001a3fef, If non-zero, the instruction address which referenced the bad memory address. Arg4: 0000000000000000, (reserved) Debugging Details: ------------------ Could not read faulting driver name READ_ADDRESS: GetPointerFromAddress: unable to read from fffff800030f8100 fffff900c363c828 FAULTING_IP: win32k!TimersProc+73 fffff960`001a3fef 8b5348 mov edx,dword ptr [rbx+48h] MM_INTERNAL_CODE: 0 CUSTOMER_CRASH_COUNT: 1 DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT BUGCHECK_STR: 0x50 PROCESS_NAME: csrss.exe CURRENT_IRQL: 0 TRAP_FRAME: fffff88005c70910 -- (.trap 0xfffff88005c70910) NOTE: The trap frame does not contain all registers. Some register values may be zeroed or incorrect. rax=00000000000000a1 rbx=0000000000000000 rcx=00000000000000a1 rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000 rip=fffff960001a3fef rsp=fffff88005c70aa0 rbp=0000000000000000 r8=fffffa8007d0bbb8 r9=0000000000000000 r10=fffffffffffffffb r11=00000000002f5b00 r12=0000000000000000 r13=0000000000000000 r14=0000000000000000 r15=0000000000000000 iopl=0 nv up ei ng nz na po cy win32k!TimersProc+0x73: fffff960`001a3fef 8b5348 mov edx,dword ptr [rbx+48h] ds:00000000`00000048=???????? Resetting default scope LAST_CONTROL_TRANSFER: from fffff80002e719fc to fffff80002ec5c40 STACK_TEXT: fffff880`05c707a8 fffff800`02e719fc : 00000000`00000050 fffff900`c363c828 00000000`00000000 fffff880`05c70910 : nt!KeBugCheckEx fffff880`05c707b0 fffff800`02ec3d6e : 00000000`00000000 fffff900`c363c828 00000000`00000000 fffff900`c363c7e0 : nt! ?? ::FNODOBFM::`string'+0x4611f fffff880`05c70910 fffff960`001a3fef : 00000000`00000000 00000000`00000001 00000000`00000004 fffff800`02ecf7f3 : nt!KiPageFault+0x16e fffff880`05c70aa0 fffff960`001a4ae7 : 00000000`00000000 fffff960`003c4cb0 00000000`00000004 00000000`00000001 : win32k!TimersProc+0x73 fffff880`05c70af0 fffff960`0013511c : fffffa80`0000007b 00000000`0000000f fffff880`00000001 ffffffff`800002d0 : win32k!RawInputThread+0x9ab fffff880`05c70bc0 fffff960`001b539a : fffffa80`00000002 fffff880`05c5cf40 00000000`00000020 00000000`00000000 : win32k!xxxCreateSystemThreads+0x58 fffff880`05c70bf0 fffff800`02ec4ed3 : fffffa80`07c10b60 00000000`00000004 000007ff`fffd3000 00000000`00000000 : win32k!NtUserCallNoParam+0x36 fffff880`05c70c20 000007fe`fdb31eea : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 00000000`004cfa38 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x7fe`fdb31eea STACK_COMMAND: kb FOLLOWUP_IP: win32k!TimersProc+73 fffff960`001a3fef 8b5348 mov edx,dword ptr [rbx+48h] SYMBOL_STACK_INDEX: 3 SYMBOL_NAME: win32k!TimersProc+73 FOLLOWUP_NAME: MachineOwner MODULE_NAME: win32k IMAGE_NAME: win32k.sys DEBUG_FLR_IMAGE_TIMESTAMP: 4ecdcd5a FAILURE_BUCKET_ID: X64_0x50_win32k!TimersProc+73 BUCKET_ID: X64_0x50_win32k!TimersProc+73 Followup: MachineOwner ---------
    7. Loading Dump File [C:\Users\Mike\Downloads\BSODDmpFiles\Andreas W\Windows_NT6_BSOD_jcgriff2\010512-37970-01.dmp] Mini Kernel Dump File: Only registers and stack trace are available Symbol search path is: SRV*c:\users\mike\documents\symbols*http://msdl.microsoft.com/download/symbols Executable search path is: Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64 Product: WinNt, suite: TerminalServer SingleUserTS Personal Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506 Machine Name: Kernel base = 0xfffff800`02e5d000 PsLoadedModuleList = 0xfffff800`030a2670 Debug session time: Thu Jan 5 02:40:13.480 2012 (UTC - 7:00) System Uptime: 0 days 10:32:06.870 Loading Kernel Symbols ............................................................... ................................................................ .................... Loading User Symbols Loading unloaded module list ................ ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* Use !analyze -v to get detailed debugging information. BugCheck D1, {fffff800bbee3790, 2, 8, fffff800bbee3790} Probably caused by : ndis.sys ( ndis!ndisQueueDpcWorkItem+34 ) Followup: MachineOwner --------- 2: kd> !analyze -v ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1) An attempt was made to access a pageable (or completely invalid) address at an interrupt request level (IRQL) that is too high. This is usually caused by drivers using improper addresses. If kernel debugger is available get stack backtrace. Arguments: Arg1: fffff800bbee3790, memory referenced Arg2: 0000000000000002, IRQL Arg3: 0000000000000008, value 0 = read operation, 1 = write operation Arg4: fffff800bbee3790, address which referenced memory Debugging Details: ------------------ READ_ADDRESS: GetPointerFromAddress: unable to read from fffff8000310c100 fffff800bbee3790 CURRENT_IRQL: 2 FAULTING_IP: +6536656238383738 fffff800`bbee3790 ?? ??? CUSTOMER_CRASH_COUNT: 1 DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT BUGCHECK_STR: 0xD1 PROCESS_NAME: plugin-contain TRAP_FRAME: fffff88003192c80 -- (.trap 0xfffff88003192c80) NOTE: The trap frame does not contain all registers. Some register values may be zeroed or incorrect. rax=0000000000000001 rbx=0000000000000000 rcx=0000000000000000 rdx=fffffa8006d007c0 rsi=0000000000000000 rdi=0000000000000000 rip=fffff800bbee3790 rsp=fffff88003192e18 rbp=fffffa8006d007c0 r8=0000000000000000 r9=0000000000000000 r10=0000000000000000 r11=0000000000000246 r12=0000000000000000 r13=0000000000000000 r14=0000000000000000 r15=0000000000000000 iopl=0 nv up ei pl zr na po nc fffff800`bbee3790 ?? ??? Resetting default scope LAST_CONTROL_TRANSFER: from fffff80002ed91e9 to fffff80002ed9c40 FAILED_INSTRUCTION_ADDRESS: +6536656238383738 fffff800`bbee3790 ?? ??? STACK_TEXT: fffff880`03192b38 fffff800`02ed91e9 : 00000000`0000000a fffff800`bbee3790 00000000`00000002 00000000`00000008 : nt!KeBugCheckEx fffff880`03192b40 fffff800`02ed7e60 : fffffa80`06d007c0 fffff880`0176ad1e fffffa80`06d007c0 fffffa80`06d007c0 : nt!KiBugCheckDispatch+0x69 fffff880`03192c80 fffff800`bbee3790 : fffff880`016f67b4 fffffa80`00000000 fffffa80`00000000 fffff880`031670a0 : nt!KiPageFault+0x260 fffff880`03192e18 fffff880`016f67b4 : fffffa80`00000000 fffffa80`00000000 fffff880`031670a0 00000000`0000000b : 0xfffff800`bbee3790 fffff880`03192e20 fffff880`01700f75 : fffffa80`06d007c0 00000000`00000000 fffffa80`06be21a0 01cccb8e`06153546 : ndis!ndisQueueDpcWorkItem+0x34 fffff880`03192e70 fffff800`02ee50ac : fffffa80`06d007e8 fffffa80`00000000 00000000`00000000 fffff880`03163180 : ndis! ?? ::FNODOBFM::`string'+0x7135 fffff880`03192f00 fffff800`02edc765 : 3f3f3f3f`3f3f3f3f fffffa80`054fbb60 00000000`00000000 fffff880`016e3a00 : nt!KiRetireDpcList+0x1bc fffff880`03192fb0 fffff800`02edc57c : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KyRetireDpcList+0x5 fffff880`09785be0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiDispatchInterruptContinue STACK_COMMAND: kb FOLLOWUP_IP: ndis!ndisQueueDpcWorkItem+34 fffff880`016f67b4 498d8fc80d0000 lea rcx,[r15+0DC8h] SYMBOL_STACK_INDEX: 4 SYMBOL_NAME: ndis!ndisQueueDpcWorkItem+34 FOLLOWUP_NAME: MachineOwner MODULE_NAME: ndis IMAGE_NAME: ndis.sys DEBUG_FLR_IMAGE_TIMESTAMP: 4ce79392 FAILURE_BUCKET_ID: X64_0xD1_CODE_AV_BAD_IP_ndis!ndisQueueDpcWorkItem+34 BUCKET_ID: X64_0xD1_CODE_AV_BAD_IP_ndis!ndisQueueDpcWorkItem+34 Followup: MachineOwner ---------
    8. Loading Dump File [C:\Users\Mike\Downloads\BSODDmpFiles\Andreas W\Windows_NT6_BSOD_jcgriff2\010612-32541-01.dmp] Mini Kernel Dump File: Only registers and stack trace are available Symbol search path is: SRV*c:\users\mike\documents\symbols*http://msdl.microsoft.com/download/symbols Executable search path is: Windows 7 Kernel Version 7601 (Service Pack 1) MP (8 procs) Free x64 Product: WinNt, suite: TerminalServer SingleUserTS Personal Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506 Machine Name: Kernel base = 0xfffff800`02e5d000 PsLoadedModuleList = 0xfffff800`030a2670 Debug session time: Fri Jan 6 07:48:10.340 2012 (UTC - 7:00) System Uptime: 1 days 5:01:09.354 Loading Kernel Symbols ............................................................... ................................................................ ....................... Loading User Symbols Loading unloaded module list ................... ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* Use !analyze -v to get detailed debugging information. BugCheck 50, {fffff8a0222cb058, 0, fffff8800134cdaf, 0} Could not read faulting driver name Probably caused by : Ntfs.sys ( Ntfs! ?? ::NNGAKEGL::`string'+11bc0 ) Followup: MachineOwner --------- 2: kd> !analyze -v ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* PAGE_FAULT_IN_NONPAGED_AREA (50) Invalid system memory was referenced. This cannot be protected by try-except, it must be protected by a Probe. Typically the address is just plain bad or it is pointing at freed memory. Arguments: Arg1: fffff8a0222cb058, memory referenced. Arg2: 0000000000000000, value 0 = read operation, 1 = write operation. Arg3: fffff8800134cdaf, If non-zero, the instruction address which referenced the bad memory address. Arg4: 0000000000000000, (reserved) Debugging Details: ------------------ Could not read faulting driver name READ_ADDRESS: GetPointerFromAddress: unable to read from fffff8000310c100 fffff8a0222cb058 FAULTING_IP: Ntfs! ?? ::NNGAKEGL::`string'+11bc0 fffff880`0134cdaf 394158 cmp dword ptr [rcx+58h],eax MM_INTERNAL_CODE: 0 CUSTOMER_CRASH_COUNT: 1 DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT BUGCHECK_STR: 0x50 PROCESS_NAME: firefox.exe CURRENT_IRQL: 0 TRAP_FRAME: fffff8800ac68750 -- (.trap 0xfffff8800ac68750) NOTE: The trap frame does not contain all registers. Some register values may be zeroed or incorrect. rax=000000000002ea5b rbx=0000000000000000 rcx=fffff8a0222cb000 rdx=fffff8a020fe3010 rsi=0000000000000000 rdi=0000000000000000 rip=fffff8800134cdaf rsp=fffff8800ac688e0 rbp=fffffa80054608a0 r8=fffff8a00c92eb40 r9=fffff8800ac68bf8 r10=fffff880012ad180 r11=fffff8800ac68958 r12=0000000000000000 r13=0000000000000000 r14=0000000000000000 r15=0000000000000000 iopl=0 nv up ei pl nz na po nc Ntfs! ?? ::NNGAKEGL::`string'+0x11bc0: fffff880`0134cdaf 394158 cmp dword ptr [rcx+58h],eax ds:ea5b:fffff8a0`222cb058=???????? Resetting default scope LAST_CONTROL_TRANSFER: from fffff80002e859fc to fffff80002ed9c40 STACK_TEXT: fffff880`0ac685e8 fffff800`02e859fc : 00000000`00000050 fffff8a0`222cb058 00000000`00000000 fffff880`0ac68750 : nt!KeBugCheckEx fffff880`0ac685f0 fffff800`02ed7d6e : 00000000`00000000 fffff8a0`222cb058 fffff8a0`20fe3000 fffff880`0ac68968 : nt! ?? ::FNODOBFM::`string'+0x4611f fffff880`0ac68750 fffff880`0134cdaf : fffff8a0`0c92eb40 fffffa80`057c6170 00000000`00000002 fffff880`012608bb : nt!KiPageFault+0x16e fffff880`0ac688e0 fffff880`012d3f79 : fffff8a0`20fe3140 fffffa80`05460801 fffffa80`057c6100 00210000`0002ea00 : Ntfs! ?? ::NNGAKEGL::`string'+0x11bc0 fffff880`0ac68960 fffff880`012f8179 : fffff880`0acda3b0 fffffa80`054608a0 fffffa80`057c6170 00000000`00000000 : Ntfs!NtfsOpenFile+0x3b9 fffff880`0ac68b50 fffff880`01260a3d : fffffa80`057c6170 fffffa80`054608a0 fffff880`0acda3b0 fffffa80`08e01600 : Ntfs!NtfsCommonCreate+0xc49 fffff880`0ac68d30 fffff800`02ed1757 : fffff880`0acda320 00000000`fff76000 00000000`fff74000 00000000`126cf750 : Ntfs!NtfsCommonCreateCallout+0x1d fffff880`0ac68d60 fffff800`02ed1711 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KxSwitchKernelStackCallout+0x27 fffff880`0acda1f0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSwitchKernelStackContinue STACK_COMMAND: kb FOLLOWUP_IP: Ntfs! ?? ::NNGAKEGL::`string'+11bc0 fffff880`0134cdaf 394158 cmp dword ptr [rcx+58h],eax SYMBOL_STACK_INDEX: 3 SYMBOL_NAME: Ntfs! ?? ::NNGAKEGL::`string'+11bc0 FOLLOWUP_NAME: MachineOwner MODULE_NAME: Ntfs IMAGE_NAME: Ntfs.sys DEBUG_FLR_IMAGE_TIMESTAMP: 4d79997b FAILURE_BUCKET_ID: X64_0x50_Ntfs!_??_::NNGAKEGL::_string_+11bc0 BUCKET_ID: X64_0x50_Ntfs!_??_::NNGAKEGL::_string_+11bc0 Followup: MachineOwner ---------
    9. Loading Dump File [C:\Users\Mike\Downloads\BSODDmpFiles\Andreas W\Windows_NT6_BSOD_jcgriff2\010712-20982-01.dmp] Mini Kernel Dump File: Only registers and stack trace are available Symbol search path is: SRV*c:\users\mike\documents\symbols*http://msdl.microsoft.com/download/symbols Executable search path is: Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64 Product: WinNt, suite: TerminalServer SingleUserTS Personal Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506 Machine Name: Kernel base = 0xfffff800`02e59000 PsLoadedModuleList = 0xfffff800`0309e670 Debug session time: Sat Jan 7 10:30:55.444 2012 (UTC - 7:00) System Uptime: 1 days 2:00:16.045 Loading Kernel Symbols ............................................................... ................................................................ .................... Loading User Symbols Loading unloaded module list ................................. ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* Use !analyze -v to get detailed debugging information. BugCheck 19, {3, fffffa8004e78a10, 6e006500730075, fa800905609004c0} Probably caused by : Pool_Corruption ( nt!ExDeferredFreePool+a53 ) Followup: Pool_corruption --------- 3: kd> !analyze -v ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* BAD_POOL_HEADER (19) The pool is already corrupt at the time of the current request. This may or may not be due to the caller. The internal pool links must be walked to figure out a possible cause of the problem, and then special pool applied to the suspect tags or the driver verifier to a suspect driver. Arguments: Arg1: 0000000000000003, the pool freelist is corrupt. Arg2: fffffa8004e78a10, the pool entry being checked. Arg3: 006e006500730075, the read back flink freelist value (should be the same as 2). Arg4: fa800905609004c0, the read back blink freelist value (should be the same as 2). Debugging Details: ------------------ BUGCHECK_STR: 0x19_3 CUSTOMER_CRASH_COUNT: 1 DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT PROCESS_NAME: RtWLan.exe CURRENT_IRQL: 0 LAST_CONTROL_TRANSFER: from fffff800030034b3 to fffff80002ed5c40 STACK_TEXT: fffff880`09ae97a8 fffff800`030034b3 : 00000000`00000019 00000000`00000003 fffffa80`04e78a10 006e0065`00730075 : nt!KeBugCheckEx fffff880`09ae97b0 fffff800`031cfa5f : 00000000`00000002 fffffa80`04e84d08 00000000`00000000 fffff800`00000000 : nt!ExDeferredFreePool+0xa53 fffff880`09ae98a0 fffff800`031cf87b : fffffa80`00000000 fffffa80`04efe300 fffffa80`00000050 fffff880`09ae9948 : nt!ObpAllocateObject+0x12f fffff880`09ae9910 fffff800`0319de54 : fffff880`09ae9a68 00000000`00000001 fffff8a0`103a06f0 fffff8a0`1745b780 : nt!ObCreateObject+0xdb fffff880`09ae9980 fffff800`031aa433 : fffff880`09ae9ae8 fffffa80`0826b960 fffff8a0`1745b780 00000000`040de7d0 : nt!SepDuplicateToken+0xf4 fffff880`09ae9a20 fffff800`0319bff7 : fffff8a0`0f8ea5c0 fffffa80`05306000 fffffa80`0826b960 00000000`00000090 : nt!SeCopyClientToken+0x5f fffff880`09ae9ab0 fffff800`031aaa63 : 00000000`00000000 ffffffff`ffffffff ffffffff`ffffffff fffffa80`05306060 : nt!SepCreateClientSecurity+0xb7 fffff880`09ae9ae0 fffff800`03174975 : 00000000`0341a3f8 00000000`00000001 fffff880`09ae9bc8 fffff880`09ae9c38 : nt!AlpcpCreateSecurityContext+0xe7 fffff880`09ae9b80 fffff800`02ed4ed3 : fffffa80`081e3b60 00000000`7ef9e000 00000000`7ef9e000 00000000`7ef9e000 : nt!NtAlpcCreateSecurityContext+0x130 fffff880`09ae9c20 00000000`77bf1aaa : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 00000000`040de7e8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x77bf1aaa STACK_COMMAND: kb FOLLOWUP_IP: nt!ExDeferredFreePool+a53 fffff800`030034b3 cc int 3 SYMBOL_STACK_INDEX: 1 SYMBOL_NAME: nt!ExDeferredFreePool+a53 FOLLOWUP_NAME: Pool_corruption IMAGE_NAME: Pool_Corruption DEBUG_FLR_IMAGE_TIMESTAMP: 0 MODULE_NAME: Pool_Corruption FAILURE_BUCKET_ID: X64_0x19_3_nt!ExDeferredFreePool+a53 BUCKET_ID: X64_0x19_3_nt!ExDeferredFreePool+a53 Followup: Pool_corruption ---------
    10. Loading Dump File [C:\Users\Mike\Downloads\BSODDmpFiles\Andreas W\Windows_NT6_BSOD_jcgriff2\010812-18267-01.dmp] Mini Kernel Dump File: Only registers and stack trace are available Symbol search path is: SRV*c:\users\mike\documents\symbols*http://msdl.microsoft.com/download/symbols Executable search path is: Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64 Product: WinNt, suite: TerminalServer SingleUserTS Personal Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506 Machine Name: Kernel base = 0xfffff800`02e03000 PsLoadedModuleList = 0xfffff800`03048670 Debug session time: Sun Jan 8 14:28:58.722 2012 (UTC - 7:00) System Uptime: 0 days 22:43:40.111 Loading Kernel Symbols ............................................................... ................................................................ ...................... Loading User Symbols Loading unloaded module list ................. ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* Use !analyze -v to get detailed debugging information. BugCheck A, {18000000448, 2, 1, fffff80002f2afcf} Probably caused by : memory_corruption ( nt!MiIdentifyPfn+26f ) Followup: MachineOwner --------- 0: kd> !analyze -v ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* IRQL_NOT_LESS_OR_EQUAL (a) An attempt was made to access a pageable (or completely invalid) address at an interrupt request level (IRQL) that is too high. This is usually caused by drivers using improper addresses. If a kernel debugger is available get the stack backtrace. Arguments: Arg1: 0000018000000448, memory referenced Arg2: 0000000000000002, IRQL Arg3: 0000000000000001, bitfield : bit 0 : value 0 = read operation, 1 = write operation bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status) Arg4: fffff80002f2afcf, address which referenced memory Debugging Details: ------------------ WRITE_ADDRESS: GetPointerFromAddress: unable to read from fffff800030b2100 0000018000000448 CURRENT_IRQL: 2 FAULTING_IP: nt!MiIdentifyPfn+26f fffff800`02f2afcf f0410fba6e481f lock bts dword ptr [r14+48h],1Fh CUSTOMER_CRASH_COUNT: 1 DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT BUGCHECK_STR: 0xA PROCESS_NAME: svchost.exe TRAP_FRAME: fffff8800833a4e0 -- (.trap 0xfffff8800833a4e0) NOTE: The trap frame does not contain all registers. Some register values may be zeroed or incorrect. rax=0000000000000001 rbx=0000000000000000 rcx=0a00000000000020 rdx=00000000000155fc rsi=0000000000000000 rdi=0000000000000000 rip=fffff80002f2afcf rsp=fffff8800833a670 rbp=fffffa8005ba0010 r8=0000000000015629 r9=0000000000000001 r10=0000000000000042 r11=0000058000000000 r12=0000000000000000 r13=0000000000000000 r14=0000000000000000 r15=0000000000000000 iopl=0 nv up ei ng nz ac po nc nt!MiIdentifyPfn+0x26f: fffff800`02f2afcf f0410fba6e481f lock bts dword ptr [r14+48h],1Fh ds:00000000`00000048=???????? Resetting default scope LAST_CONTROL_TRANSFER: from fffff80002e7f1e9 to fffff80002e7fc40 STACK_TEXT: fffff880`0833a398 fffff800`02e7f1e9 : 00000000`0000000a 00000180`00000448 00000000`00000002 00000000`00000001 : nt!KeBugCheckEx fffff880`0833a3a0 fffff800`02e7de60 : 00000000`42506650 00000000`00000000 00000000`00000000 02000000`001759af : nt!KiBugCheckDispatch+0x69 fffff880`0833a4e0 fffff800`02f2afcf : 00000000`00000000 02000000`000d1ea3 fffff880`0833a690 00000000`00000018 : nt!KiPageFault+0x260 fffff880`0833a670 fffff800`02f2bc7b : 00000000`00000000 00000000`00000004 fffffa80`0832bf28 fffffa80`0832b000 : nt!MiIdentifyPfn+0x26f fffff880`0833a710 fffff800`032907e5 : fffffa80`0832b000 fffff880`0833aca0 fffff880`0833a7e8 00000000`00000000 : nt!MmQueryPfnList+0xbb fffff880`0833a750 fffff800`031d34c8 : 00000000`00000006 00000000`00000000 fffffa80`0832b000 00000000`00000001 : nt!PfpPfnPrioRequest+0x115 fffff880`0833a7a0 fffff800`03189bd3 : 00000000`00000000 00000000`00000000 fffffa80`06d36000 fffffa80`0762b001 : nt! ?? ::NNGAKEGL::`string'+0x4810d fffff880`0833a830 fffff800`0318a449 : 00000000`0114b7c8 00000000`01854b80 00000000`0114b820 00000000`00000000 : nt!ExpQuerySystemInformation+0x1193 fffff880`0833abe0 fffff800`02e7eed3 : 00000000`00000005 fffff880`0833aca0 00000000`07541280 00000000`01854770 : nt!NtQuerySystemInformation+0x4d fffff880`0833ac20 00000000`7764167a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 00000000`0114b6f8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x7764167a STACK_COMMAND: kb FOLLOWUP_IP: nt!MiIdentifyPfn+26f fffff800`02f2afcf f0410fba6e481f lock bts dword ptr [r14+48h],1Fh SYMBOL_STACK_INDEX: 3 SYMBOL_NAME: nt!MiIdentifyPfn+26f FOLLOWUP_NAME: MachineOwner MODULE_NAME: nt DEBUG_FLR_IMAGE_TIMESTAMP: 4e02aaa3 IMAGE_NAME: memory_corruption FAILURE_BUCKET_ID: X64_0xA_nt!MiIdentifyPfn+26f BUCKET_ID: X64_0xA_nt!MiIdentifyPfn+26f Followup: MachineOwner ---------
    Please remove any CD/DVD virtualization software, such as Daemon Tools/Alcohol 120%, as they use a driver called sptd.sys that is known to cause BSODs. After their removal, use the sptd.sys uninstaller

    I prefer TotalMounter as my CD/DVD virtualization software as it allows me to burn images to a virtual CD/DVD if I just want an ISO file instead of a disc, and it is free.

    Many use MagicISO - Convert BIN to ISO, Create, Edit, Burn, Extract ISO file, ISO/BIN converter/extractor/editor as well, which is also free.


    Also, since your blue screens are system related, the following possibilities exist.
    1. System file corruption. Run SFC /SCANNOW Command - System File Checker to check for system file corruption.You may have to run it up to three times to fix all errors.
    2. Faulty hardware. Run the boot version of Memtest86+ paying close attention to Parts 2 and 3 of the tutorial. Also, in case Memtest86+ misses anything and comes up with no errors, run the extended version of the Windows Memory Diagnostics Tool for at least five passes. These you may want to run overnight since they take a long time to complete.
    3. Hard disk errors. Run Disk Check with both boxes checked for all drives.
    4. An underlying driver that is incompatible with your system. Run Driver Verifier to find any issues. To run Driver Verifier, do the following:
      a. Backup your system and user files
      b. Create a system restore point
      c. If you do not have a Windows 7 DVD, Create a system repair disc
      d. Run Driver Verifier

      If Windows cannot start in normal mode with driver verifier running, start in safe mode. If it cannot start in safe mode or normal mode, restore the system restore point using System Restore OPTION TWO.

      Thanks to zigzag3143 for contributing to the above steps.
      If you are unable to start Windows with all drivers being verified or if the blue screen crashes fail to create .dmp files, run them in groups of 5 or 10 until you find a group that causes blue screen crashes and stores the blue screen .dmp files.
      My Computer


  3. Posts : 309
    Windows 7 Home Premium x64
    Thread Starter
       #3

    I dont got any cd virtualization programs on the computer anymore I used to have deamontools but that was a long time ago, but I will run that uninstall, the memtest+ was runned in boot mode, it did 3 or 4 passes, I will continue with doing SFC and disc check and then lastly, I will uninstall my corsair keyboard and mouse drivers, they was the last drivers I installed on the system, will start from that and see what happens and thanks for your feedback
      My Computer


  4. Posts : 11,269
    Windows 7 Home Premium 64 Bit
       #4

    Did you determine the root cause of the stability problems? How is the system running at the present time?
      My Computer


  5. Posts : 309
    Windows 7 Home Premium x64
    Thread Starter
       #5

    Oh sorry totally forgott about this thread, erm computer is running fine, running it at 3.8Ghz with 1.24v vCore & VTT and it actually runs smoother now then when I had it 4Ghz, and googled a bit and came across this guy saying that intel cpu overclock the best with odd numbers, and it seem to be some truth in it I ma using 19x200 BLCK and the volt I am using is rather low I think. Ran intelburn test, maximum stress test 10 times and no problems, ran latest prime95 for some time and it gave me no errors so I will just leave it like this, since I am not doing any benchmarking just wanted a bit more speed out of it
      My Computer


  6. Posts : 11,269
    Windows 7 Home Premium 64 Bit
       #6

    Glad you got it stabilized. :) Let us know if you need any help, or if you would like to mark the thread as solved, click the green button at the top or bottom of the thread to Mark as Solved. The green button can be found next to the orange Post Reply button.
      My Computer


  7. Posts : 309
    Windows 7 Home Premium x64
    Thread Starter
       #7

    Since the computer is stable and 3.8Ghz is probably more then I need anyway I am happy and will leave it like this for now so going to mark it as solved, again thanks for all the help
      My Computer


 

  Related Discussions
Our Sites
Site Links
About Us
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 02:26.
Find Us