Major BSOD Problems


  1. Noklu
    Posts : 6
    Windows 7 Pro x64
       New #1

    Major BSOD Problems


    I have been having major BSOD crashes. There does not seem to be a pattern. I have checked the memory with memtest86. I found one error on 1 of 4 sticks, so I replaced the pair. I also checked the hard drive with Seatools, no problems. I am uploading the dump files as per the formum. I am hoping they are correct. The dump program would not leave the files in my documents folder (ran 3 times) I finally hunted them down and have attached them.. This is REALLY getting to be a problem. Any help is appreciated.

    My machine is a self build.
    mobo: Asus M4A89GTD-PRO/USB3
    processor: AMD Phenom ii x6 1100T, 3.30 Ghz
    ram: Corsair xms 8GB (4x2GB)
    graphics: Nvidia Quadro 600, 1GB
    ps: Silverstone 700w
    os: Windows 7 x64 OEM
      My Computer
    Quote Quote

  3. writhziden
    Posts : 11,269
    Windows 7 Home Premium 64 Bit
       New #2

    Code:
    1. 
Loading Dump File [C:\Users\Mike\Downloads\BSODDmpFiles\Noklu\Windows_NT6_BSOD_jcgriff2\010512-22916-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*c:\users\mike\documents\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is: 
Windows 7 Kernel Version 7601 (Service Pack 1) MP (6 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506
Machine Name:
Kernel base = 0xfffff800`0305e000 PsLoadedModuleList = 0xfffff800`032a3670
Debug session time: Thu Jan  5 15:47:01.624 2012 (UTC - 7:00)
System Uptime: 0 days 2:20:58.450
Loading Kernel Symbols
...............................................................
................................................................
....................................
Loading User Symbols
Loading unloaded module list
......
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 1A, {41790, fffffa8004e5f310, ffff, 0}

Probably caused by : ntkrnlmp.exe ( nt! ?? ::FNODOBFM::`string'+36024 )

Followup: MachineOwner
---------

1: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

MEMORY_MANAGEMENT (1a)
    # Any other values for parameter 1 must be individually examined.
Arguments:
Arg1: 0000000000041790, The subtype of the bugcheck.
Arg2: fffffa8004e5f310
Arg3: 000000000000ffff
Arg4: 0000000000000000

Debugging Details:
------------------


BUGCHECK_STR:  0x1a_41790

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

PROCESS_NAME:  BCU.exe

CURRENT_IRQL:  0

LAST_CONTROL_TRANSFER:  from fffff8000314a150 to fffff800030dac40

STACK_TEXT:  
fffff880`098d8958 fffff800`0314a150 : 00000000`0000001a 00000000`00041790 fffffa80`04e5f310 00000000`0000ffff : nt!KeBugCheckEx
fffff880`098d8960 fffff800`030c80ff : fffffa80`00000000 00000000`03e20fff 00000000`00000000 00000000`00000000 : nt! ?? ::FNODOBFM::`string'+0x36024
fffff880`098d8b20 fffff800`030d9ed3 : ffffffff`ffffffff 00000000`0008e320 00000000`0008e318 00000000`00008000 : nt!NtFreeVirtualMemory+0x61f
fffff880`098d8c20 00000000`770614fa : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`0008e2e8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x770614fa


STACK_COMMAND:  kb

FOLLOWUP_IP: 
nt! ?? ::FNODOBFM::`string'+36024
fffff800`0314a150 cc              int     3

SYMBOL_STACK_INDEX:  1

SYMBOL_NAME:  nt! ?? ::FNODOBFM::`string'+36024

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: nt

IMAGE_NAME:  ntkrnlmp.exe

DEBUG_FLR_IMAGE_TIMESTAMP:  4e02aaa3

FAILURE_BUCKET_ID:  X64_0x1a_41790_nt!_??_::FNODOBFM::_string_+36024

BUCKET_ID:  X64_0x1a_41790_nt!_??_::FNODOBFM::_string_+36024

Followup: MachineOwner
---------
    2. 
Loading Dump File [C:\Users\Mike\Downloads\BSODDmpFiles\Noklu\Windows_NT6_BSOD_jcgriff2\010612-21668-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*c:\users\mike\documents\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is: 
Windows 7 Kernel Version 7601 (Service Pack 1) MP (6 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506
Machine Name:
Kernel base = 0xfffff800`0305e000 PsLoadedModuleList = 0xfffff800`032a3670
Debug session time: Fri Jan  6 12:57:09.120 2012 (UTC - 7:00)
System Uptime: 0 days 0:06:36.931
Loading Kernel Symbols
...............................................................
................................................................
.....................................
Loading User Symbols
Loading unloaded module list
....
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 1A, {31, fffffa800a41e150, fffff8800a97d000, fffff8a0043cb21a}

Probably caused by : ntkrnlmp.exe ( nt! ?? ::NNGAKEGL::`string'+7271 )

Followup: MachineOwner
---------

4: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

MEMORY_MANAGEMENT (1a)
    # Any other values for parameter 1 must be individually examined.
Arguments:
Arg1: 0000000000000031, The subtype of the bugcheck.
Arg2: fffffa800a41e150
Arg3: fffff8800a97d000
Arg4: fffff8a0043cb21a

Debugging Details:
------------------


BUGCHECK_STR:  0x1a_31

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

PROCESS_NAME:  svchost.exe

CURRENT_IRQL:  0

LAST_CONTROL_TRANSFER:  from fffff80003337b25 to fffff800030dac40

STACK_TEXT:  
fffff880`0968f4d8 fffff800`03337b25 : 00000000`0000001a 00000000`00000031 fffffa80`0a41e150 fffff880`0a97d000 : nt!KeBugCheckEx
fffff880`0968f4e0 fffff800`033b2c37 : fffffa80`00000000 fffffa80`06dce060 00000000`00000948 fffff8a0`0438e000 : nt! ?? ::NNGAKEGL::`string'+0x7271
fffff880`0968f540 fffff800`0310a6eb : ffffffff`ffffffff fffff880`0968f6b0 00000000`00010000 fffff800`03102b00 : nt!MiRelocateImagePfn+0xf7
fffff880`0968f5a0 fffff800`03075b64 : fffffa80`0ae8c5f0 00000000`00000000 00000000`00000000 00000000`00000000 : nt!MiWaitForInPageComplete+0x7ef
fffff880`0968f680 fffff800`03334e7a : 00000000`00000000 fffffa80`085d91a0 00000000`00000001 fffffa80`085d91a0 : nt!MiPfCompletePrefetchIos+0x54
fffff880`0968f6b0 fffff800`0353804d : 00000000`000000a8 00000000`0000071f fffffa80`085d91a0 fffff880`0968f778 : nt!MmPrefetchPages+0x13a
fffff880`0968f710 fffff800`0354006e : fffff8a0`00000000 fffff8a0`00000660 fffff8a0`0000017d fffff8a0`00000000 : nt!PfpPrefetchFilesTrickle+0x21d
fffff880`0968f810 fffff800`03540c07 : 00000000`00000000 fffff880`0968fca0 fffff880`0968fa08 fffff8a0`0368fc50 : nt!PfpPrefetchRequestPerform+0x30e
fffff880`0968f960 fffff800`0354d1de : fffff880`0968fa08 fffff880`0968fa01 fffffa80`0a4dd5c0 00000000`00000000 : nt!PfpPrefetchRequest+0x176
fffff880`0968f9d0 fffff800`03551a0a : 00000000`00000000 00000000`0000004f 00000000`00000000 00000000`0a2bf001 : nt!PfSetSuperfetchInformation+0x1ad
fffff880`0968fab0 fffff800`030d9ed3 : fffffa80`06dce060 00000000`00000000 00000000`0a26c301 00000000`0000dc10 : nt!NtSetSystemInformation+0xc8d
fffff880`0968fc20 00000000`76ea2a0a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`00dff7d8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x76ea2a0a


STACK_COMMAND:  kb

FOLLOWUP_IP: 
nt! ?? ::NNGAKEGL::`string'+7271
fffff800`03337b25 cc              int     3

SYMBOL_STACK_INDEX:  1

SYMBOL_NAME:  nt! ?? ::NNGAKEGL::`string'+7271

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: nt

IMAGE_NAME:  ntkrnlmp.exe

DEBUG_FLR_IMAGE_TIMESTAMP:  4e02aaa3

FAILURE_BUCKET_ID:  X64_0x1a_31_nt!_??_::NNGAKEGL::_string_+7271

BUCKET_ID:  X64_0x1a_31_nt!_??_::NNGAKEGL::_string_+7271

Followup: MachineOwner
---------
    3. 
Loading Dump File [C:\Users\Mike\Downloads\BSODDmpFiles\Noklu\Windows_NT6_BSOD_jcgriff2\010612-24819-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*c:\users\mike\documents\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is: 
Windows 7 Kernel Version 7601 (Service Pack 1) MP (6 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506
Machine Name:
Kernel base = 0xfffff800`03068000 PsLoadedModuleList = 0xfffff800`032ad670
Debug session time: Fri Jan  6 12:58:23.726 2012 (UTC - 7:00)
System Uptime: 0 days 0:00:35.912
Loading Kernel Symbols
...............................................................
................................................................
..................................
Loading User Symbols
Loading unloaded module list
....
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 51, {1, fffff8a0034e7010, a0691000, 374}

Probably caused by : discache.sys ( discache!DisCreateObjectAttributeStore+ec )

Followup: MachineOwner
---------

2: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

REGISTRY_ERROR (51)
Something has gone badly wrong with the registry.  If a kernel debugger
is available, get a stack trace. It can also indicate that the registry got
an I/O error while trying to read one of its files, so it can be caused by
hardware problems or filesystem corruption.
It may occur due to a failure in a refresh operation, which is used only
in by the security system, and then only when resource limits are encountered.
Arguments:
Arg1: 0000000000000001, (reserved)
Arg2: fffff8a0034e7010, (reserved)
Arg3: 00000000a0691000, depends on where Windows bugchecked, may be pointer to hive
Arg4: 0000000000000374, depends on where Windows bugchecked, may be return code of
	HvCheckHive if the hive is corrupt.

Debugging Details:
------------------


CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

BUGCHECK_STR:  0x51

PROCESS_NAME:  System

CURRENT_IRQL:  0

LAST_CONTROL_TRANSFER:  from fffff80003413ea8 to fffff800030e4c40

STACK_TEXT:  
fffff880`03183fd8 fffff800`03413ea8 : 00000000`00000051 00000000`00000001 fffff8a0`034e7010 00000000`a0691000 : nt!KeBugCheckEx
fffff880`03183fe0 fffff800`0335be52 : fffff8a0`034e7010 00000000`00040000 01cccc88`00000200 fffff8a0`00000002 : nt! ?? ::NNGAKEGL::`string'+0x9eea
fffff880`03184040 fffff800`0335ad71 : 00000000`00000000 00000000`00000002 fffff8a0`034e7bb8 00000000`00000001 : nt!HvInitializeHive+0x2c2
fffff880`031840a0 fffff800`0335c0ca : fffff880`03184230 fffff880`03184340 ffffffff`80001764 fffff880`03184778 : nt!CmpInitializeHive+0x4ad
fffff880`03184190 fffff800`0335b9c6 : 00000000`00000010 20204d43`00000000 fffff880`03184528 fffff880`03184521 : nt!CmpInitHiveFromFile+0x246
fffff880`031842e0 fffff800`03360b7f : 00000000`00000010 00000000`00000000 00000000`00000000 fffff800`033e1437 : nt!CmpCmdHiveOpen+0x8a
fffff880`031844d0 fffff800`033608b7 : fffff880`03180064 00000000`00000000 00000000`00000000 fffff880`03184b00 : nt!CmLoadKey+0x1a7
fffff880`031846c0 fffff800`030e3ed3 : 00000000`00000001 fffff880`03184bb0 fffff880`00000010 00000000`00000000 : nt!NtLoadKeyEx+0x4c5
fffff880`03184920 fffff800`030e0470 : fffff880`02c2de98 fffff880`02c353d0 00000000`00000000 00000000`00000001 : nt!KiSystemServiceCopyEnd+0x13
fffff880`03184b28 fffff880`02c2de98 : fffff880`02c353d0 00000000`00000000 00000000`00000001 00000000`00000001 : nt!KiServiceLinkage
fffff880`03184b30 fffff880`02c2c2b2 : 00000000`00000000 00000000`00000000 00000000`00000001 fffff8a0`03507bf0 : discache!DisCreateObjectAttributeStore+0xec
fffff880`03184bf0 fffff880`02c2c44b : fffff800`00000043 00000000`00000000 fffff800`032852b8 00000000`00000000 : discache!ScpInitializeCache+0x19a
fffff880`03184c30 fffff800`030ef001 : fffff880`02c2c370 ffffffff`80001658 fffffa80`0673dc00 fffffa80`00000657 : discache!ScpInitializationWorker+0xdb
fffff880`03184cb0 fffff800`0337ffee : 00000000`00000000 fffffa80`06787b60 00000000`00000080 fffffa80`06723040 : nt!ExpWorkerThread+0x111
fffff880`03184d40 fffff800`030d65e6 : fffff880`03088180 fffffa80`06787b60 fffff880`03093040 00000000`00000000 : nt!PspSystemThreadStartup+0x5a
fffff880`03184d80 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KxStartSystemThread+0x16


STACK_COMMAND:  kb

FOLLOWUP_IP: 
discache!DisCreateObjectAttributeStore+ec
fffff880`02c2de98 3bc6            cmp     eax,esi

SYMBOL_STACK_INDEX:  a

SYMBOL_NAME:  discache!DisCreateObjectAttributeStore+ec

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: discache

IMAGE_NAME:  discache.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  4a5bc52e

FAILURE_BUCKET_ID:  X64_0x51_discache!DisCreateObjectAttributeStore+ec

BUCKET_ID:  X64_0x51_discache!DisCreateObjectAttributeStore+ec

Followup: MachineOwner
---------
    4. 
Loading Dump File [C:\Users\Mike\Downloads\BSODDmpFiles\Noklu\Windows_NT6_BSOD_jcgriff2\010612-18564-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*c:\users\mike\documents\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is: 
Windows 7 Kernel Version 7601 (Service Pack 1) MP (6 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506
Machine Name:
Kernel base = 0xfffff800`03054000 PsLoadedModuleList = 0xfffff800`03299670
Debug session time: Fri Jan  6 14:47:38.410 2012 (UTC - 7:00)
System Uptime: 0 days 0:00:32.580
Loading Kernel Symbols
...............................................................
................................................................
.................................
Loading User Symbols
Loading unloaded module list
....
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 1A, {5100, fffff6fc5001e208, 74, 28}

Probably caused by : ntkrnlmp.exe ( nt! ?? ::FNODOBFM::`string'+af37 )

Followup: MachineOwner
---------

1: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

MEMORY_MANAGEMENT (1a)
    # Any other values for parameter 1 must be individually examined.
Arguments:
Arg1: 0000000000005100, The subtype of the bugcheck.
Arg2: fffff6fc5001e208
Arg3: 0000000000000074
Arg4: 0000000000000028

Debugging Details:
------------------


BUGCHECK_STR:  0x1a_5100

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

PROCESS_NAME:  explorer.exe

CURRENT_IRQL:  0

LAST_CONTROL_TRANSFER:  from fffff8000312a957 to fffff800030d0c40

STACK_TEXT:  
fffff880`08ff9268 fffff800`0312a957 : 00000000`0000001a 00000000`00005100 fffff6fc`5001e208 00000000`00000074 : nt!KeBugCheckEx
fffff880`08ff9270 fffff800`030f3a4c : 00000000`000000b5 fffff880`08ff93c0 fffff8a0`03c00000 00000000`00000001 : nt! ?? ::FNODOBFM::`string'+0xaf37
fffff880`08ff9380 fffff800`031fcf86 : 00000000`000b5000 fffffa80`06697000 00000000`00000001 00000000`00000000 : nt!MiAllocatePagedPoolPages+0x4cc
fffff880`08ff94a0 fffff800`030f1760 : 00000000`000b5000 fffffa80`06697000 00000000`00000001 00000000`0000006c : nt!MiAllocatePoolPages+0x906
fffff880`08ff95e0 fffff800`031ff90e : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`000b4640 : nt!ExpAllocateBigPool+0xb0
fffff880`08ff96d0 fffff800`033919d7 : 00000000`00400000 00000000`00400000 00000000`00000001 00000000`00000000 : nt!ExAllocatePoolWithTag+0x82e
fffff880`08ff97c0 fffff800`033cdfdc : fffff8a0`03b7b000 fffff880`08ff99b8 00000000`0000013d 00000000`00000000 : nt!MiRelocateImage+0x347
fffff880`08ff9930 fffff800`033ac596 : fffff880`08ff9b80 fffff880`08ff9ca0 00000000`00000000 00000000`00000001 : nt!MmCreateSection+0x8bc
fffff880`08ff9b30 fffff800`030cfed3 : fffffa80`0a3b4060 00000000`0662d028 fffff880`08ff9bc8 00000000`00000000 : nt!NtCreateSection+0x171
fffff880`08ff9bb0 00000000`77c517ba : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`0662d008 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x77c517ba


STACK_COMMAND:  kb

FOLLOWUP_IP: 
nt! ?? ::FNODOBFM::`string'+af37
fffff800`0312a957 cc              int     3

SYMBOL_STACK_INDEX:  1

SYMBOL_NAME:  nt! ?? ::FNODOBFM::`string'+af37

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: nt

IMAGE_NAME:  ntkrnlmp.exe

DEBUG_FLR_IMAGE_TIMESTAMP:  4e02aaa3

FAILURE_BUCKET_ID:  X64_0x1a_5100_nt!_??_::FNODOBFM::_string_+af37

BUCKET_ID:  X64_0x1a_5100_nt!_??_::FNODOBFM::_string_+af37

Followup: MachineOwner
---------
    5. 
Loading Dump File [C:\Users\Mike\Downloads\BSODDmpFiles\Noklu\Windows_NT6_BSOD_jcgriff2\010612-21075-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*c:\users\mike\documents\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is: 
Windows 7 Kernel Version 7601 (Service Pack 1) MP (6 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506
Machine Name:
Kernel base = 0xfffff800`0300a000 PsLoadedModuleList = 0xfffff800`0324f670
Debug session time: Fri Jan  6 15:02:02.949 2012 (UTC - 7:00)
System Uptime: 0 days 0:00:33.136
Loading Kernel Symbols
...............................................................
................................................................
................................
Loading User Symbols
Loading unloaded module list
....
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 1A, {41790, fffffa8004e5f2b0, ffff, 0}

Probably caused by : ntkrnlmp.exe ( nt! ?? ::FNODOBFM::`string'+36024 )

Followup: MachineOwner
---------

5: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

MEMORY_MANAGEMENT (1a)
    # Any other values for parameter 1 must be individually examined.
Arguments:
Arg1: 0000000000041790, The subtype of the bugcheck.
Arg2: fffffa8004e5f2b0
Arg3: 000000000000ffff
Arg4: 0000000000000000

Debugging Details:
------------------


BUGCHECK_STR:  0x1a_41790

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

PROCESS_NAME:  WerFault.exe

CURRENT_IRQL:  0

LAST_CONTROL_TRANSFER:  from fffff800030f6150 to fffff80003086c40

STACK_TEXT:  
fffff880`0a252828 fffff800`030f6150 : 00000000`0000001a 00000000`00041790 fffffa80`04e5f2b0 00000000`0000ffff : nt!KeBugCheckEx
fffff880`0a252830 fffff800`030ba569 : 00000000`00000000 00000000`76b59fff fffffa80`00000000 fffff880`00961000 : nt! ?? ::FNODOBFM::`string'+0x36024
fffff880`0a2529f0 fffff800`0339e221 : fffffa80`0a336630 00000000`00000000 00000000`00000000 00000000`00000000 : nt!MiRemoveMappedView+0xd9
fffff880`0a252b10 fffff800`0339e623 : 0000007f`00000000 00000000`76a60000 fffffa80`00000001 fffffa80`089df750 : nt!MiUnmapViewOfSection+0x1b1
fffff880`0a252bd0 fffff800`03085ed3 : 00000000`00000008 00000000`77091cc4 fffffa80`0a333060 00000000`00000000 : nt!NtUnmapViewOfSection+0x5f
fffff880`0a252c20 00000000`770415ba : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`000feb28 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x770415ba


STACK_COMMAND:  kb

FOLLOWUP_IP: 
nt! ?? ::FNODOBFM::`string'+36024
fffff800`030f6150 cc              int     3

SYMBOL_STACK_INDEX:  1

SYMBOL_NAME:  nt! ?? ::FNODOBFM::`string'+36024

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: nt

IMAGE_NAME:  ntkrnlmp.exe

DEBUG_FLR_IMAGE_TIMESTAMP:  4e02aaa3

FAILURE_BUCKET_ID:  X64_0x1a_41790_nt!_??_::FNODOBFM::_string_+36024

BUCKET_ID:  X64_0x1a_41790_nt!_??_::FNODOBFM::_string_+36024

Followup: MachineOwner
---------
    6. 
Loading Dump File [C:\Users\Mike\Downloads\BSODDmpFiles\Noklu\Windows_NT6_BSOD_jcgriff2\010712-17862-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*c:\users\mike\documents\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is: 
Windows 7 Kernel Version 7601 (Service Pack 1) MP (6 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506
Machine Name:
Kernel base = 0xfffff800`03019000 PsLoadedModuleList = 0xfffff800`0325e670
Debug session time: Sat Jan  7 00:39:12.633 2012 (UTC - 7:00)
System Uptime: 0 days 9:36:06.443
Loading Kernel Symbols
...............................................................
................................................................
...................................
Loading User Symbols
Loading unloaded module list
........
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck D1, {fffff8800b240000, 2, 1, fffff88001575f26}

Probably caused by : NETIO.SYS ( NETIO!memmove+d6 )

Followup: MachineOwner
---------

0: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high.  This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: fffff8800b240000, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000001, value 0 = read operation, 1 = write operation
Arg4: fffff88001575f26, address which referenced memory

Debugging Details:
------------------


WRITE_ADDRESS: GetPointerFromAddress: unable to read from fffff800032c8100
 fffff8800b240000 

CURRENT_IRQL:  2

FAULTING_IP: 
NETIO!memmove+d6
fffff880`01575f26 4c8951f8        mov     qword ptr [rcx-8],r10

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

BUGCHECK_STR:  0xD1

PROCESS_NAME:  System

TRAP_FRAME:  fffff80000b9a980 -- (.trap 0xfffff80000b9a980)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=727dc2573b9647fd rbx=0000000000000000 rcx=fffff8800b240008
rdx=000001fffd77621d rsi=0000000000000000 rdi=0000000000000000
rip=fffff88001575f26 rsp=fffff80000b9ab18 rbp=00000000000005b4
 r8=00000000000005b1  r9=0000000000000022 r10=767c62667c626a7c
r11=fffff8800b23fea5 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0         nv up ei pl nz na po nc
NETIO!memmove+0xd6:
fffff880`01575f26 4c8951f8        mov     qword ptr [rcx-8],r10 ds:0008:fffff880`0b240000=e9e9f8e47a7c9f53
Resetting default scope

LAST_CONTROL_TRANSFER:  from fffff800030951e9 to fffff80003095c40

STACK_TEXT:  
fffff800`00b9a838 fffff800`030951e9 : 00000000`0000000a fffff880`0b240000 00000000`00000002 00000000`00000001 : nt!KeBugCheckEx
fffff800`00b9a840 fffff800`03093e60 : 00000000`00000000 fffffa80`00000001 00000000`00000000 fffff800`00b9acb0 : nt!KiBugCheckDispatch+0x69
fffff800`00b9a980 fffff880`01575f26 : fffff880`0157db0d fffffa80`00000aaf fffffa80`000001fd 00000000`00000000 : nt!KiPageFault+0x260
fffff800`00b9ab18 fffff880`0157db0d : fffffa80`00000aaf fffffa80`000001fd 00000000`00000000 00000000`00001000 : NETIO!memmove+0xd6
fffff800`00b9ab20 fffff880`016b23d4 : fffff800`00b9acf8 fffff800`00b9acc8 fffff800`00b9ace8 fffff800`00b9acb0 : NETIO!RtlCopyMdlToMdlIndirect+0xfd
fffff800`00b9abc0 fffff880`016c9a45 : 00000008`0c560800 fffffa80`06e82cf0 fffffa80`06e82cf0 fffffa80`09d180e0 : tcpip!TcpSatisfyReceiveRequests+0x1f4
fffff800`00b9aea0 fffff880`016c8839 : fffffa80`0a67dc80 fffffa80`074b6db0 fffffa80`06e82d5c fffffa80`09985480 : tcpip!TcpDeliverDataToClient+0x105
fffff800`00b9b020 fffff880`016c5d58 : 00000000`e1072a9b fffffa80`06e82cf0 fffffa80`075a4f70 fffffa80`09985480 : tcpip!TcpDeliverReceive+0xa9
fffff800`00b9b120 fffff880`016c68b5 : 00000000`00000000 00000000`00000001 00000000`00000001 fffffa80`088fbe30 : tcpip!TcpTcbFastDatagram+0x208
fffff800`00b9b2e0 fffff880`016c567a : fffffa80`075bfb00 fffff880`016bdb00 fffffa80`07591901 00000000`00000000 : tcpip!TcpTcbReceive+0x1f5
fffff800`00b9b490 fffff880`016c72ab : fffffa80`089b60ae fffffa80`076f8000 00000000`00000000 fffff800`00b9b800 : tcpip!TcpMatchReceive+0x1fa
fffff800`00b9b5e0 fffff880`016be1c7 : fffffa80`075bfb00 fffffa80`0759bd01 fffffa80`0000a2c1 00000000`0000a2c1 : tcpip!TcpPreValidatedReceive+0x36b
fffff800`00b9b6b0 fffff880`016bdd3a : 00000000`00000000 fffff880`017dd9a0 fffff800`00b9b870 fffffa80`0853ce20 : tcpip!IppDeliverListToProtocol+0x97
fffff800`00b9b770 fffff880`016bd339 : 00000000`0021cceb fffff800`030a0497 00000000`00000000 fffff800`00b9b860 : tcpip!IppProcessDeliverList+0x5a
fffff800`00b9b810 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : tcpip!IppReceiveHeaderBatch+0x23a


STACK_COMMAND:  kb

FOLLOWUP_IP: 
NETIO!memmove+d6
fffff880`01575f26 4c8951f8        mov     qword ptr [rcx-8],r10

SYMBOL_STACK_INDEX:  3

SYMBOL_NAME:  NETIO!memmove+d6

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: NETIO

IMAGE_NAME:  NETIO.SYS

DEBUG_FLR_IMAGE_TIMESTAMP:  4ce79381

FAILURE_BUCKET_ID:  X64_0xD1_NETIO!memmove+d6

BUCKET_ID:  X64_0xD1_NETIO!memmove+d6

Followup: MachineOwner
---------
    7. 
Loading Dump File [C:\Users\Mike\Downloads\BSODDmpFiles\Noklu\Windows_NT6_BSOD_jcgriff2\010712-22417-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*c:\users\mike\documents\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is: 
Windows 7 Kernel Version 7601 (Service Pack 1) MP (6 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506
Machine Name:
Kernel base = 0xfffff800`03004000 PsLoadedModuleList = 0xfffff800`03249670
Debug session time: Sat Jan  7 10:16:05.544 2012 (UTC - 7:00)
System Uptime: 0 days 0:00:33.730
Loading Kernel Symbols
...............................................................
................................................................
..................................
Loading User Symbols
Loading unloaded module list
....
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 50, {ffd178, 0, 774c7f18, 8}


Could not read faulting driver name
Probably caused by : ntkrnlmp.exe ( nt! ?? ::FNODOBFM::`string'+468e5 )

Followup: MachineOwner
---------

3: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

PAGE_FAULT_IN_NONPAGED_AREA (50)
Invalid system memory was referenced.  This cannot be protected by try-except,
it must be protected by a Probe.  Typically the address is just plain bad or it
is pointing at freed memory.
Arguments:
Arg1: 0000000000ffd178, memory referenced.
Arg2: 0000000000000000, value 0 = read operation, 1 = write operation.
Arg3: 00000000774c7f18, If non-zero, the instruction address which referenced the bad memory
	address.
Arg4: 0000000000000008, (reserved)

Debugging Details:
------------------


Could not read faulting driver name

READ_ADDRESS: GetPointerFromAddress: unable to read from fffff800032b3100
 0000000000ffd178 

FAULTING_IP: 
+6136343135303762
00000000`774c7f18 ??              ???

MM_INTERNAL_CODE:  8

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

BUGCHECK_STR:  0x50

PROCESS_NAME:  WmiPrvSE.exe

CURRENT_IRQL:  0

LAST_CONTROL_TRANSFER:  from fffff8000301417b to fffff80003080c40

STACK_TEXT:  
fffff880`092b8ab8 fffff800`0301417b : 00000000`00000050 00000000`00ffd178 00000000`00000000 fffff880`092b8c20 : nt!KeBugCheckEx
fffff880`092b8ac0 fffff800`0307ed6e : 00000000`00000000 00000000`00ffd178 00000000`0096c801 00000000`00000000 : nt! ?? ::FNODOBFM::`string'+0x468e5
fffff880`092b8c20 00000000`774c7f18 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiPageFault+0x16e
00000000`0096c9c0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x774c7f18


STACK_COMMAND:  kb

FOLLOWUP_IP: 
nt! ?? ::FNODOBFM::`string'+468e5
fffff800`0301417b cc              int     3

SYMBOL_STACK_INDEX:  1

SYMBOL_NAME:  nt! ?? ::FNODOBFM::`string'+468e5

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: nt

IMAGE_NAME:  ntkrnlmp.exe

DEBUG_FLR_IMAGE_TIMESTAMP:  4e02aaa3

FAILURE_BUCKET_ID:  X64_0x50_nt!_??_::FNODOBFM::_string_+468e5

BUCKET_ID:  X64_0x50_nt!_??_::FNODOBFM::_string_+468e5

Followup: MachineOwner
---------
    8. 
Loading Dump File [C:\Users\Mike\Downloads\BSODDmpFiles\Noklu\Windows_NT6_BSOD_jcgriff2\010712-18876-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*c:\users\mike\documents\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is: 
Windows 7 Kernel Version 7601 (Service Pack 1) MP (6 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506
Machine Name:
Kernel base = 0xfffff800`03013000 PsLoadedModuleList = 0xfffff800`03258670
Debug session time: Sat Jan  7 11:01:11.001 2012 (UTC - 7:00)
System Uptime: 0 days 0:00:30.187
Loading Kernel Symbols
...............................................................
................................................................
.................................
Loading User Symbols
Loading unloaded module list
....
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 3B, {c0000005, fffff880010501d1, fffff8800a591940, 0}

Probably caused by : fltmgr.sys ( fltmgr!TreeUnlinkMulti+51 )

Followup: MachineOwner
---------

4: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

SYSTEM_SERVICE_EXCEPTION (3b)
An exception happened while executing a system service routine.
Arguments:
Arg1: 00000000c0000005, Exception code that caused the bugcheck
Arg2: fffff880010501d1, Address of the instruction which caused the bugcheck
Arg3: fffff8800a591940, Address of the context record for the exception that caused the bugcheck
Arg4: 0000000000000000, zero.

Debugging Details:
------------------


EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.

FAULTING_IP: 
fltmgr!TreeUnlinkMulti+51
fffff880`010501d1 488b4620        mov     rax,qword ptr [rsi+20h]

CONTEXT:  fffff8800a591940 -- (.cxr 0xfffff8800a591940)
rax=00000000000000e0 rbx=0000000000000000 rcx=fffffa800a469b48
rdx=fffffa800a498540 rsi=00000000000000b1 rdi=0000000000000000
rip=fffff880010501d1 rsp=fffff8800a592320 rbp=fffffa800a469b48
 r8=ffffffffffffffff  r9=ffffffffffffffff r10=000000000000000a
r11=0000000000000001 r12=fffffa800a498540 r13=0000000000000000
r14=0000000000002000 r15=fffffa8007901668
iopl=0         nv up ei pl nz na po nc
cs=0010  ss=0018  ds=002b  es=002b  fs=0053  gs=002b             efl=00010206
fltmgr!TreeUnlinkMulti+0x51:
fffff880`010501d1 488b4620        mov     rax,qword ptr [rsi+20h] ds:002b:00000000`000000d1=????????????????
Resetting default scope

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

BUGCHECK_STR:  0x3B

PROCESS_NAME:  GoogleUpdate.e

CURRENT_IRQL:  0

LAST_CONTROL_TRANSFER:  from 0000000000000000 to fffff880010501d1

STACK_TEXT:  
fffff880`0a592320 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : fltmgr!TreeUnlinkMulti+0x51


FOLLOWUP_IP: 
fltmgr!TreeUnlinkMulti+51
fffff880`010501d1 488b4620        mov     rax,qword ptr [rsi+20h]

SYMBOL_STACK_INDEX:  0

SYMBOL_NAME:  fltmgr!TreeUnlinkMulti+51

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: fltmgr

IMAGE_NAME:  fltmgr.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  4ce7929c

STACK_COMMAND:  .cxr 0xfffff8800a591940 ; kb

FAILURE_BUCKET_ID:  X64_0x3B_fltmgr!TreeUnlinkMulti+51

BUCKET_ID:  X64_0x3B_fltmgr!TreeUnlinkMulti+51

Followup: MachineOwner
---------
    9. 
Loading Dump File [C:\Users\Mike\Downloads\BSODDmpFiles\Noklu\Windows_NT6_BSOD_jcgriff2\010712-18642-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*c:\users\mike\documents\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is: 
Windows 7 Kernel Version 7601 (Service Pack 1) MP (6 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506
Machine Name:
Kernel base = 0xfffff800`0300b000 PsLoadedModuleList = 0xfffff800`03250670
Debug session time: Sat Jan  7 11:02:28.971 2012 (UTC - 7:00)
System Uptime: 0 days 0:00:39.142
Loading Kernel Symbols
...............................................................
................................................................
.................................
Loading User Symbols
Loading unloaded module list
....
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck C2, {99, fffff8a0029c9229, 0, 0}

Probably caused by : CI.dll ( CI!MincryptFreePolicyInfo+22 )

Followup: MachineOwner
---------

5: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

BAD_POOL_CALLER (c2)
The current thread is making a bad pool request.  Typically this is at a bad IRQL level or double freeing the same allocation, etc.
Arguments:
Arg1: 0000000000000099, Attempt to free pool with invalid address  (or corruption in pool header)
Arg2: fffff8a0029c9229, Address being freed
Arg3: 0000000000000000, 0
Arg4: 0000000000000000, 0

Debugging Details:
------------------


FAULTING_IP: 
CI!MincryptFreePolicyInfo+22
fffff880`00c132a6 33c0            xor     eax,eax

BUGCHECK_STR:  0xc2_99

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

PROCESS_NAME:  System

CURRENT_IRQL:  0

LAST_CONTROL_TRANSFER:  from fffff800035113dc to fffff80003087c40

STACK_TEXT:  
fffff880`0a1890c8 fffff800`035113dc : 00000000`000000c2 00000000`00000099 fffff8a0`029c9229 00000000`00000000 : nt!KeBugCheckEx
fffff880`0a1890d0 fffff800`031376e1 : bfcec135`0000000a 00000000`00090885 33e458bf`00000002 00000000`000000a0 : nt!VerifierBugCheckIfAppropriate+0x3c
fffff880`0a189110 fffff800`031b5c73 : fffff8a0`029c9219 00000000`000006e0 00000000`00000066 00000000`0000e9a0 : nt!VerifierFreeTrackedPool+0x41
fffff880`0a189150 fffff880`00c132a6 : 00000000`0001d490 fffff8a0`03738da0 00000000`00000164 00000000`0000e9a0 : nt!ExDeferredFreePool+0x129f
fffff880`0a189200 fffff880`00c0e05c : 00000000`0001d490 00000000`00000000 00000000`72634943 fffff8a0`03738da0 : CI!MincryptFreePolicyInfo+0x22
fffff880`0a189230 fffff880`00c0e4d4 : fffff880`0a189430 00000000`00000000 00000000`0000e9a0 ffffffff`800017e4 : CI!I_FreeCatalogData+0x70
fffff880`0a189260 fffff880`00c0d6ef : ffffffff`800015fc 00000000`c0000428 fffff880`0a189798 00000000`000002cb : CI!I_ReloadCatalogs+0x21c
fffff880`0a189400 fffff880`00c0bc3a : fffff880`0a1897b0 00000000`00000000 fffff880`00000000 00000000`00000000 : CI!I_FindFileOrHeaderHashInCatalogs+0x413
fffff880`0a1894a0 fffff880`00c0c748 : fffffa80`0a2355d0 fffff880`0a1897b0 00000000`00008004 00000000`00000000 : CI!CipGetPageHashesForFile+0xfa
fffff880`0a189580 fffff880`00c0af84 : 00000000`00000002 fffff880`0a189890 fffff880`0a189890 00000000`00000000 : CI!CipValidatePageHash+0x2e8
fffff880`0a189740 fffff800`032f4a44 : 00000000`00000001 00000000`000fffff fffffa80`0a2355d0 00000000`00000000 : CI!CiValidateImageHeader+0x1dc
fffff880`0a189820 fffff800`032f484a : 00000000`00000000 00000000`00000080 fffffa80`0a2366d0 00000000`00000000 : nt!SeValidateImageHeader+0x58
fffff880`0a189860 fffff800`03385086 : fffffa80`0a2355d0 fffffa80`0a2366d0 00000000`00000002 00000000`00000001 : nt!MiValidateImageHeader+0x21a
fffff880`0a189930 fffff800`03363596 : fffff880`0a189b80 fffff880`0a189ca0 00000000`00000000 00000000`00000001 : nt!MmCreateSection+0x966
fffff880`0a189b30 fffff800`03086ed3 : fffffa80`098da4f0 00000000`001ac7f8 fffff880`0a189bc8 00000000`001aca88 : nt!NtCreateSection+0x171
fffff880`0a189bb0 00000000`77b217ba : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`001ac7d8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x77b217ba


STACK_COMMAND:  kb

FOLLOWUP_IP: 
CI!MincryptFreePolicyInfo+22
fffff880`00c132a6 33c0            xor     eax,eax

SYMBOL_STACK_INDEX:  4

SYMBOL_NAME:  CI!MincryptFreePolicyInfo+22

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: CI

IMAGE_NAME:  CI.dll

DEBUG_FLR_IMAGE_TIMESTAMP:  4ce7c944

FAILURE_BUCKET_ID:  X64_0xc2_99_CI!MincryptFreePolicyInfo+22

BUCKET_ID:  X64_0xc2_99_CI!MincryptFreePolicyInfo+22

Followup: MachineOwner
---------
    10. 
Loading Dump File [C:\Users\Mike\Downloads\BSODDmpFiles\Noklu\Windows_NT6_BSOD_jcgriff2\010712-18080-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*c:\users\mike\documents\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is: 
Windows 7 Kernel Version 7601 (Service Pack 1) MP (6 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506
Machine Name:
Kernel base = 0xfffff800`0304f000 PsLoadedModuleList = 0xfffff800`03294670
Debug session time: Sat Jan  7 11:03:49.583 2012 (UTC - 7:00)
System Uptime: 0 days 0:00:43.754
Loading Kernel Symbols
...............................................................
................................................................
.................................
Loading User Symbols
Loading unloaded module list
....
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 24, {1904fb, fffff8800abdb6a8, fffff8800abdaf00, fffff800030f558f}

Probably caused by : Ntfs.sys ( Ntfs!NtfsInsertNameLink+d9 )

Followup: MachineOwner
---------

3: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

NTFS_FILE_SYSTEM (24)
    If you see NtfsExceptionFilter on the stack then the 2nd and 3rd
    parameters are the exception record and context record. Do a .cxr
    on the 3rd parameter and then kb to obtain a more informative stack
    trace.
Arguments:
Arg1: 00000000001904fb
Arg2: fffff8800abdb6a8
Arg3: fffff8800abdaf00
Arg4: fffff800030f558f

Debugging Details:
------------------


EXCEPTION_RECORD:  fffff8800abdb6a8 -- (.exr 0xfffff8800abdb6a8)
ExceptionAddress: fffff800030f558f (nt!RtlSplay+0x0000000000000111)
   ExceptionCode: c0000005 (Access violation)
  ExceptionFlags: 00000000
NumberParameters: 2
   Parameter[0]: 0000000000000000
   Parameter[1]: ffffffffffffffff
Attempt to read from address ffffffffffffffff

CONTEXT:  fffff8800abdaf00 -- (.cxr 0xfffff8800abdaf00)
rax=fffff8a0033833f8 rbx=fffff8a0031f53e8 rcx=fffff8a003792b98
rdx=fffff8a00339d71a rsi=00000000000000a6 rdi=fffff8a003792b88
rip=fffff800030f558f rsp=fffff8800abdb8e8 rbp=fffff8a003792b98
 r8=0709000000000008  r9=0709000000000000 r10=00000000000004f0
r11=fffff8800abdb940 r12=fffff8a0018e1350 r13=0000000002af6678
r14=fffff8a0037928e0 r15=fffffa8009cbc430
iopl=0         nv up ei pl nz ac pe cy
cs=0010  ss=0018  ds=002b  es=002b  fs=0053  gs=002b             efl=00010213
nt!RtlSplay+0x111:
fffff800`030f558f 493910          cmp     qword ptr [r8],rdx ds:002b:07090000`00000008=????????????????
Resetting default scope

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

PROCESS_NAME:  svchost.exe

CURRENT_IRQL:  1

ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.

EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.

EXCEPTION_PARAMETER1:  0000000000000000

EXCEPTION_PARAMETER2:  ffffffffffffffff

READ_ADDRESS: GetPointerFromAddress: unable to read from fffff800032fe100
 ffffffffffffffff 

FOLLOWUP_IP: 
Ntfs!NtfsInsertNameLink+d9
fffff880`01303810 49890424        mov     qword ptr [r12],rax

FAULTING_IP: 
nt!RtlSplay+111
fffff800`030f558f 493910          cmp     qword ptr [r8],rdx

BUGCHECK_STR:  0x24

LAST_CONTROL_TRANSFER:  from fffff88001303810 to fffff800030f558f

STACK_TEXT:  
fffff880`0abdb8e8 fffff880`01303810 : fffffa80`07907350 00000000`000007ff fffff8a0`037927b0 fffff880`0abdbbf8 : nt!RtlSplay+0x111
fffff880`0abdb8f0 fffff880`013038bc : fffffa80`09cbc408 fffff8a0`03792b48 00000000`00006a20 fffffa80`0814e410 : Ntfs!NtfsInsertNameLink+0xd9
fffff880`0abdb920 fffff880`012d3209 : 00000000`00000000 fffffa80`0814e410 fffffa80`09cbc408 00000000`000007ff : Ntfs!NtfsInsertPrefix+0x40
fffff880`0abdb960 fffff880`012f7179 : fffff880`093bf3b0 fffffa80`0814e410 fffffa80`09cbc430 00000000`00000000 : Ntfs!NtfsOpenFile+0x649
fffff880`0abdbb50 fffff880`0125fa3d : fffffa80`09cbc430 fffffa80`0814e410 fffff880`093bf3b0 fffffa80`091c9000 : Ntfs!NtfsCommonCreate+0xc49
fffff880`0abdbd30 fffff800`030c3757 : fffff880`093bf320 00000000`00000000 00000000`00000000 00000000`00000000 : Ntfs!NtfsCommonCreateCallout+0x1d
fffff880`0abdbd60 fffff800`030c3711 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KxSwitchKernelStackCallout+0x27
fffff880`093bf1f0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSwitchKernelStackContinue


SYMBOL_STACK_INDEX:  1

SYMBOL_NAME:  Ntfs!NtfsInsertNameLink+d9

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: Ntfs

IMAGE_NAME:  Ntfs.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  4d79997b

STACK_COMMAND:  .cxr 0xfffff8800abdaf00 ; kb

FAILURE_BUCKET_ID:  X64_0x24_Ntfs!NtfsInsertNameLink+d9

BUCKET_ID:  X64_0x24_Ntfs!NtfsInsertNameLink+d9

Followup: MachineOwner
---------
    11. 
Loading Dump File [C:\Users\Mike\Downloads\BSODDmpFiles\Noklu\Windows_NT6_BSOD_jcgriff2\010712-18439-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*c:\users\mike\documents\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is: 
Windows 7 Kernel Version 7601 (Service Pack 1) MP (6 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506
Machine Name:
Kernel base = 0xfffff800`03000000 PsLoadedModuleList = 0xfffff800`03245670
Debug session time: Sat Jan  7 11:05:35.872 2012 (UTC - 7:00)
System Uptime: 0 days 0:00:43.058
Loading Kernel Symbols
...............................................................
................................................................
.................................
Loading User Symbols
Loading unloaded module list
....
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 3B, {c0000005, fffff880010f71d1, fffff88007693940, 0}

Probably caused by : fltmgr.sys ( fltmgr!TreeUnlinkMulti+51 )

Followup: MachineOwner
---------

3: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

SYSTEM_SERVICE_EXCEPTION (3b)
An exception happened while executing a system service routine.
Arguments:
Arg1: 00000000c0000005, Exception code that caused the bugcheck
Arg2: fffff880010f71d1, Address of the instruction which caused the bugcheck
Arg3: fffff88007693940, Address of the context record for the exception that caused the bugcheck
Arg4: 0000000000000000, zero.

Debugging Details:
------------------


EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.

FAULTING_IP: 
fltmgr!TreeUnlinkMulti+51
fffff880`010f71d1 488b4620        mov     rax,qword ptr [rsi+20h]

CONTEXT:  fffff88007693940 -- (.cxr 0xfffff88007693940)
rax=0000000000000095 rbx=0000000000000000 rcx=fffffa800a4c3e98
rdx=fffffa800a5d78d0 rsi=00000000000000b2 rdi=0000000000000000
rip=fffff880010f71d1 rsp=fffff88007694320 rbp=fffffa800a4c3e98
 r8=ffffffffffffffff  r9=ffffffffffffffff r10=0000000000000052
r11=0000000000000001 r12=fffffa800a5d78d0 r13=0000000000000000
r14=0000000000002000 r15=fffffa8007882668
iopl=0         nv up ei pl nz na po nc
cs=0010  ss=0018  ds=002b  es=002b  fs=0053  gs=002b             efl=00010206
fltmgr!TreeUnlinkMulti+0x51:
fffff880`010f71d1 488b4620        mov     rax,qword ptr [rsi+20h] ds:002b:00000000`000000d2=????????????????
Resetting default scope

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

BUGCHECK_STR:  0x3B

PROCESS_NAME:  svchost.exe

CURRENT_IRQL:  0

LAST_CONTROL_TRANSFER:  from 0000000000000000 to fffff880010f71d1

STACK_TEXT:  
fffff880`07694320 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : fltmgr!TreeUnlinkMulti+0x51


FOLLOWUP_IP: 
fltmgr!TreeUnlinkMulti+51
fffff880`010f71d1 488b4620        mov     rax,qword ptr [rsi+20h]

SYMBOL_STACK_INDEX:  0

SYMBOL_NAME:  fltmgr!TreeUnlinkMulti+51

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: fltmgr

IMAGE_NAME:  fltmgr.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  4ce7929c

STACK_COMMAND:  .cxr 0xfffff88007693940 ; kb

FAILURE_BUCKET_ID:  X64_0x3B_fltmgr!TreeUnlinkMulti+51

BUCKET_ID:  X64_0x3B_fltmgr!TreeUnlinkMulti+51

Followup: MachineOwner
---------
    12. 
Loading Dump File [C:\Users\Mike\Downloads\BSODDmpFiles\Noklu\Windows_NT6_BSOD_jcgriff2\010712-20966-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*c:\users\mike\documents\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is: 
Windows 7 Kernel Version 7601 (Service Pack 1) MP (6 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506
Machine Name:
Kernel base = 0xfffff800`0301a000 PsLoadedModuleList = 0xfffff800`0325f670
Debug session time: Sat Jan  7 12:34:09.158 2012 (UTC - 7:00)
System Uptime: 0 days 0:00:36.329
Loading Kernel Symbols
...............................................................
................................................................
.................................
Loading User Symbols
Loading unloaded module list
....
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 1A, {31, fffffa80066ca610, fffff88009a51000, fffff8a0030032f2}

Probably caused by : ntkrnlmp.exe ( nt! ?? ::NNGAKEGL::`string'+7271 )

Followup: MachineOwner
---------

1: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

MEMORY_MANAGEMENT (1a)
    # Any other values for parameter 1 must be individually examined.
Arguments:
Arg1: 0000000000000031, The subtype of the bugcheck.
Arg2: fffffa80066ca610
Arg3: fffff88009a51000
Arg4: fffff8a0030032f2

Debugging Details:
------------------


BUGCHECK_STR:  0x1a_31

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

PROCESS_NAME:  SBAMTray.exe

CURRENT_IRQL:  0

LAST_CONTROL_TRANSFER:  from fffff800032f3b25 to fffff80003096c40

STACK_TEXT:  
fffff880`098c5888 fffff800`032f3b25 : 00000000`0000001a 00000000`00000031 fffffa80`066ca610 fffff880`09a51000 : nt!KeBugCheckEx
fffff880`098c5890 fffff800`0336ec37 : 00000000`00000000 fffffa80`0a3ab8b0 00000000`0000003d fffff8a0`03000000 : nt! ?? ::NNGAKEGL::`string'+0x7271
fffff880`098c58f0 fffff800`030c66eb : ffffffff`ffffffff fffff880`098c5a78 00000000`00008000 fffffa80`0a33f000 : nt!MiRelocateImagePfn+0xf7
fffff880`098c5950 fffff800`030be6cf : fffffa80`09dbfe90 fffff880`098c5a80 fffffa80`0a39dd78 fffff800`030624ca : nt!MiWaitForInPageComplete+0x7ef
fffff880`098c5a30 fffff800`030a502a : 00000000`00000000 00000000`00000000 ffffffff`ffffffff fffff880`00000000 : nt!MiIssueHardFault+0x28b
fffff880`098c5ac0 fffff800`03094d6e : 00000000`00000008 00000000`00b6ded0 00000000`0017e201 00000000`7efde000 : nt!MmAccessFault+0x146a
fffff880`098c5c20 00000000`00b6ded0 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiPageFault+0x16e
00000000`0027f73c 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0xb6ded0


STACK_COMMAND:  kb

FOLLOWUP_IP: 
nt! ?? ::NNGAKEGL::`string'+7271
fffff800`032f3b25 cc              int     3

SYMBOL_STACK_INDEX:  1

SYMBOL_NAME:  nt! ?? ::NNGAKEGL::`string'+7271

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: nt

IMAGE_NAME:  ntkrnlmp.exe

DEBUG_FLR_IMAGE_TIMESTAMP:  4e02aaa3

FAILURE_BUCKET_ID:  X64_0x1a_31_nt!_??_::NNGAKEGL::_string_+7271

BUCKET_ID:  X64_0x1a_31_nt!_??_::NNGAKEGL::_string_+7271

Followup: MachineOwner
---------
    Many of your blue screen crashes were memory related. You also had some system related crashes and hard disk related crashes. Additionally, there was a registry related crash. We do not recommend fixing registry errors using registry cleaning tools, so if you have used one in the past, let us know as it may have led to your registry blue screen crash. If not, it may be due to system file corruption or hard disk errors.

    Run the following steps and post back after doing each one and wait for a response before proceeding to the next step.
    1. Run Disk Check with both boxes checked for all HDDs and with Automatically fix file system errors checked for all SSDs.
    2. Run SFC /SCANNOW Command - System File Checker up to three times to fix all errors.
    3. Check for viruses.
      Download and install the free version of Malwarebytes : Free anti-malware, anti-virus and spyware removal download (do not start the trial) and make sure it is updated. Do not run a scan yet.
      Download VIPRE Rescue - VIPRE Computer Recovery Solution from Sunbelt Software but do not unzip it yet
      Download the Fakerean removal tool but do not run it yet.
      Start your computer in Safe Mode
      Unzip VIPRE Rescue and let it run.
      Run a full scan with Malwarebytes.
      Run the fakerean removal tool.
    4. Install all Windows Updates and update your device drivers (see Installing and updating drivers in 7, Driver Reference Table - sysnative.com - MVP and Drivers and Downloads for driver updating).
    5. Run the boot version of Memtest86+ paying close attention to Parts 2 and 3 of the tutorial. Also, in case Memtest86+ misses anything and comes up with no errors, run the extended version of the Windows Memory Diagnostics Tool for at least five passes. These you may want to run overnight since they take a long time to complete.
    6. An underlying driver may be incompatible\conflicting with your system. Run Driver Verifier to find any issues. To run Driver Verifier, do the following:
      a. Backup your system and user files
      b. Create a system restore point
      c. If you do not have a Windows 7 DVD, Create a system repair disc
      d. Run Driver Verifier

      If Windows cannot start in normal mode with driver verifier running, start in safe mode. If it cannot start in safe mode or normal mode, restore the system restore point using System Restore OPTION TWO.

      Thanks to zigzag3143 for contributing to the Verifier steps.
      If you are unable to start Windows with all drivers being verified or if the blue screen crashes fail to create .dmp files, run them in groups of 5 or 10 until you find a group that causes blue screen crashes and stores the blue screen .dmp files.


    Also, update the following drivers by using Installing and updating drivers in 7,
    http://www.carrona.org/dvrref.html,
    and http://www.carrona.org/drvrdown.html as references.
    Code:
    wacommousefilter	fffff880`04cf8000	fffff880`04d00000	Fri Feb 16 11:12:17 2007 (45d5f401)	00005ace		wacommousefilter.sys
lmimirr	fffff880`049e8000	fffff880`049ef000	Tue Apr 10 16:32:45 2007 (461c108d)	0000a04c		lmimirr.sys
RaInfo	fffff880`07a72000	fffff880`07a79000	Fri Jan 04 11:57:14 2008 (477e818a)	0000d903		RaInfo.sys
LMIRfsDriver	fffff880`07bb6000	fffff880`07bc9000	Mon Jul 14 10:26:56 2008 (487b7e50)	0001e26d		LMIRfsDriver.sys
AsUpIO	fffff880`04190000	fffff880`04196000	Sun Jul 05 20:21:38 2009 (4a515fb2)	0000edf8		AsUpIO.sys
      My Computer
    Quote Quote

  4. Noklu
    Posts : 6
    Windows 7 Pro x64
    Thread Starter
       New #3

    Lots of homework to do. Thanks very much. I will go thru your steps and report back.
      My Computer
    Quote Quote

  6. Dave76
    Posts : 12,177
    Windows 7 Ult x64 - SP1/ Windows 8 Pro x64
       New #4

    After you finish the good advice from writhziden, can you give us some information on your RAM.

    D/L CPUZ and post a snip of the CPU, Mainboard, Memory, and SPD tabs.
    For posting the information , enter 'Snipping tool' in the Start button > Search box, hit enter. Select the area you want to post and save to a convenient place.
    How to Post a Screenshot in Seven Forums
      My Computer
    Quote Quote

  7. Noklu
    Posts : 6
    Windows 7 Pro x64
    Thread Starter
       New #5

    I have strayed a bit from the course of action laid out by Writhizden. Here's an update.
    I started by running the comprehensive disk check on the C drive. It took quite a long time to run, at the end it did find and fix several disk errors. As the machine restarted from the disk check, it crashed with 3 BSODs before finally booting up Windows. After this, I decided to try and rectify the hardware issues. I ran memtest86 on the memory one stick at a time, each stick ran for 3 complete passes. It turned out one of the new sticks I had installed had numerous errors. I put together four sticks that had all been thoroughly tested. Next, I cloned the C drive to a new hard drive since the existing drive was suspect. I ran disk check on the new drive, this time following the test it booted without any BSODs. I don't think I am completely out of the woods yet, although the machine seems much more stable. Next, I will run the virus check as outlined. Following that I will move on to the driver updates and then possibly the registry error.

    With regard to the registry issue, I do use CCleaner, I have for years on several of my machines and never had any problems. However, on this machine I did use the cleaning feature of Revo Uninstaller. I had a real problem with one program (VectorWorks 10), I had two botched installs and had to use the uninstaller since the program did not show up in the Windows applications dialog. Following the uninstalls I used the “junk file” cleaning feature. Maybe it went too far. I will report back after the virus check.
      My Computer
    Quote Quote

  8. writhziden
    Posts : 11,269
    Windows 7 Home Premium 64 Bit
       New #6

    There are some on here who say CCleaner is alright to use for registry cleaning, but the general consensus is that all automated registry cleaning should be avoided unless it is provided as a cleanup utility by a software company for uninstalling the same software company's application (many antivirus software has these utilities, for instance).

    I myself have had problems with CCleaner before. Before I knew better, I used CCleaner to clean the registry of a client's computer, and the computer would not even boot into normal mode. It froze at the Windows flag screen. I have always made backups of the registry before using registry cleaners, so I was able to restore the registry in Safe Mode and everything ran fine again. Now if I notice a registry error related problem, I will manually find the entry or entries and provide a fix.

    If you need help with registry related issues (typically they show up as error boxes when Windows starts), these forums are a good resource. You can also post a thread in Performance & Maintenance to get help with optimizing your computer or manually cleaning registry errors. There are also good tutorials in that forum for optimization.
      My Computer
    Quote Quote

 

  Related Discussions
Major problems
in General Discussion

So first off I should say I'm not good with computers, I get around them but when it comes to technical stuff like what I'm about to show I'm a 0. Second I should also say that I'm not English and my computer language is not in English, but I follow and look for answers in this forum everytime I...
It seems that for no apparent reason, a bunch of drivers were removed. It's stuck in 800x600, no aero, slow, freezes, etc.
Major problems shutting down
in General Discussion

Hello! I recently bought a HP laptop running Windows 7. In a nutshell, I cannot effectively shut the computer down, and Windows updates do not install properly. When I try to shut down, the computer just spins for ages and eventually goes blank. Then, I have to select "start in safe mode" and...
Major Problems, Please Help
in Installation & Setup

Im fretting right now, i think i may have just made my SSD and HDD unusable. Ok: I have a new build, was messing around with the set-up to try and get it to work the best, trying different install and with dynamic/basic hdd's. So somehow this is the situation i have: 1Tb HDDwith the OS...
Ok, my Toshiba Satellite laptop originally had Windows Vista on it, I then downloaded Windows 7 but today i went back to Vista because some things weren't supported like my brightness settings and stuff. however. Now that I went back, my computer seems alot slower. Also it never auto connects to...
Our Sites
Site Links
About Us
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

 © Designer Media Ltd
All times are GMT -5. The time now is 18:17.
Find Us