Code:
-
Loading Dump File [C:\Users\Mike\Downloads\BSODDmpFiles\ZXNFQT4\Windows_NT6_BSOD_jcgriff2\011612-16504-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\users\mike\documents\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (8 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506
Machine Name:
Kernel base = 0xfffff800`0340e000 PsLoadedModuleList = 0xfffff800`03653670
Debug session time: Tue Jan 17 00:02:39.879 2012 (UTC - 7:00)
System Uptime: 0 days 1:11:30.769
Loading Kernel Symbols
...............................................................
................................................................
.............................................
Loading User Symbols
Loading unloaded module list
.....
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck BE, {fffff8a000ff8dd0, 800000020704d121, fffff8800ab70630, b}
Probably caused by : fileinfo.sys ( fileinfo!FIStreamGetNext+5b )
Followup: MachineOwner
---------
4: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
ATTEMPTED_WRITE_TO_READONLY_MEMORY (be)
An attempt was made to write to readonly memory. The guilty driver is on the
stack trace (and is typically the current instruction pointer).
When possible, the guilty driver's name (Unicode string) is printed on
the bugcheck screen and saved in KiBugCheckDriver.
Arguments:
Arg1: fffff8a000ff8dd0, Virtual address for the attempted write.
Arg2: 800000020704d121, PTE contents.
Arg3: fffff8800ab70630, (reserved)
Arg4: 000000000000000b, (reserved)
Debugging Details:
------------------
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0xBE
PROCESS_NAME: svchost.exe
CURRENT_IRQL: 0
TRAP_FRAME: fffff8800ab70630 -- (.trap 0xfffff8800ab70630)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000000 rbx=0000000000000000 rcx=fffff8a000ff8dd0
rdx=0000000000000002 rsi=0000000000000000 rdi=0000000000000000
rip=fffff800034aa18f rsp=fffff8800ab707c8 rbp=fffffa8009844d80
r8=fffff8a000af3500 r9=0000000000000000 r10=006f00720070002e
r11=fffff8800ab707c0 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl zr na po nc
nt!ExfAcquireRundownProtection+0xb:
fffff800`034aa18f f0480fb111 lock cmpxchg qword ptr [rcx],rdx ds:8f30:fffff8a0`00ff8dd0=0000000000000000
Resetting default scope
LAST_CONTROL_TRANSFER: from fffff800034365d2 to fffff8000348ac40
STACK_TEXT:
fffff880`0ab704c8 fffff800`034365d2 : 00000000`000000be fffff8a0`00ff8dd0 80000002`0704d121 fffff880`0ab70630 : nt!KeBugCheckEx
fffff880`0ab704d0 fffff800`03488d6e : 00000000`00000001 fffff8a0`00ff8dd0 00000000`00000000 fffff8a0`00ff8dc0 : nt! ?? ::FNODOBFM::`string'+0x45c6e
fffff880`0ab70630 fffff800`034aa18f : fffff880`012de2e3 fffffa80`0d145750 fffffa80`00000000 00000000`0007d810 : nt!KiPageFault+0x16e
fffff880`0ab707c8 fffff880`012de2e3 : fffffa80`0d145750 fffffa80`00000000 00000000`0007d810 00000000`06e70050 : nt!ExfAcquireRundownProtection+0xb
fffff880`0ab707d0 fffff880`012deb1d : 00000000`0007d810 fffff880`0ab70b60 00000000`06e70050 00000000`00000000 : fileinfo!FIStreamGetNext+0x5b
fffff880`0ab70800 fffff880`012db716 : fffffa80`0d145750 00000000`0007d810 fffffa80`000fe422 00000000`06eed850 : fileinfo!FIIterate+0x219
fffff880`0ab70890 fffff800`037a5a97 : fffffa80`0d3d5790 fffffa80`0d3d5790 fffffa80`0d145868 fffffa80`0d145750 : fileinfo!FIControlDispatch+0x156
fffff880`0ab708d0 fffff800`037a62f6 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!IopXxxControlFile+0x607
fffff880`0ab70a00 fffff800`03489ed3 : 80000000`00000002 00000000`0bd076c0 00000000`000005a0 fffff880`0ab70ae0 : nt!NtDeviceIoControlFile+0x56
fffff880`0ab70a70 00000000`7713138a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`0342b708 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x7713138a
STACK_COMMAND: kb
FOLLOWUP_IP:
fileinfo!FIStreamGetNext+5b
fffff880`012de2e3 408af0 mov sil,al
SYMBOL_STACK_INDEX: 4
SYMBOL_NAME: fileinfo!FIStreamGetNext+5b
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: fileinfo
IMAGE_NAME: fileinfo.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 4a5bc481
FAILURE_BUCKET_ID: X64_0xBE_fileinfo!FIStreamGetNext+5b
BUCKET_ID: X64_0xBE_fileinfo!FIStreamGetNext+5b
Followup: MachineOwner
---------
-
Loading Dump File [C:\Users\Mike\Downloads\BSODDmpFiles\ZXNFQT4\Windows_NT6_BSOD_jcgriff2\011612-18252-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\users\mike\documents\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (8 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506
Machine Name:
Kernel base = 0xfffff800`03412000 PsLoadedModuleList = 0xfffff800`03657670
Debug session time: Tue Jan 17 00:04:36.187 2012 (UTC - 7:00)
System Uptime: 0 days 0:01:00.077
Loading Kernel Symbols
...............................................................
................................................................
............................................
Loading User Symbols
Loading unloaded module list
...
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck A, {80000, 2, 1, fffff800034966ec}
Probably caused by : ntkrnlmp.exe ( nt!KeWaitForSingleObject+13c )
Followup: MachineOwner
---------
4: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: 0000000000080000, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000001, bitfield :
bit 0 : value 0 = read operation, 1 = write operation
bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: fffff800034966ec, address which referenced memory
Debugging Details:
------------------
WRITE_ADDRESS: GetPointerFromAddress: unable to read from fffff800036c1100
0000000000080000
CURRENT_IRQL: 2
FAULTING_IP:
nt!KeWaitForSingleObject+13c
fffff800`034966ec f00fba2e07 lock bts dword ptr [rsi],7
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0xA
PROCESS_NAME: System
TRAP_FRAME: fffff88003546670 -- (.trap 0xfffff88003546670)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=8ce4ef4b0aa340f4 rbx=0000000000000000 rcx=0000000000000011
rdx=000000000000002b rsi=0000000000000000 rdi=0000000000000000
rip=fffff800034966ec rsp=fffff88003546800 rbp=0000000000000000
r8=fffff78000000008 r9=0000000000000000 r10=0000000000000000
r11=fffff880009b3180 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl nz na po nc
nt!KeWaitForSingleObject+0x13c:
fffff800`034966ec f00fba2e07 lock bts dword ptr [rsi],7 ds:db00:00000000`00000000=????????
Resetting default scope
LAST_CONTROL_TRANSFER: from fffff8000348e1e9 to fffff8000348ec40
STACK_TEXT:
fffff880`03546528 fffff800`0348e1e9 : 00000000`0000000a 00000000`00080000 00000000`00000002 00000000`00000001 : nt!KeBugCheckEx
fffff880`03546530 fffff800`0348ce60 : fffff8a0`00b664b0 fffff880`035466b0 00000000`00000008 00000000`241b68c2 : nt!KiBugCheckDispatch+0x69
fffff880`03546670 fffff800`034966ec : fffff8a0`00b7d010 fffffa80`0bb9b730 fffff880`035468b0 fffff880`0149d0d8 : nt!KiPageFault+0x260
fffff880`03546800 fffff800`0346f872 : fffffa80`0b00d400 00000000`0000001b 00000000`00000000 fffff880`009b3100 : nt!KeWaitForSingleObject+0x13c
fffff880`035468a0 fffff800`03494b6c : ffffffff`ffb3b4c0 00000000`00080000 fffffa80`0b00d4f0 fffff8a0`00b7d3a8 : nt!ExpWaitForResource+0xae
fffff880`03546910 fffff880`014212c3 : 00000000`c00000d8 fffff8a0`00b65570 fffffa80`0c040a60 fffffa80`00000001 : nt!ExAcquireResourceExclusiveLite+0x14f
fffff880`03546980 fffff880`014aeee0 : fffffa80`0c040a60 fffff800`0362f260 fffff8a0`00b65570 00000000`00000009 : Ntfs!NtfsAcquireExclusiveFcb+0x73
fffff880`035469d0 fffff880`0149e357 : fffffa80`0c040a60 fffff8a0`00b656a0 fffff8a0`00b65570 fffffa80`09ad5180 : Ntfs!NtfsCommonClose+0xa0
fffff880`03546aa0 fffff800`03499001 : 00000000`00000000 fffff800`03785900 fffffa80`0709fb01 fffffa80`00000002 : Ntfs!NtfsFspClose+0x15f
fffff880`03546b70 fffff800`03729fee : 00000000`00000000 fffffa80`0709fb60 00000000`00000080 fffffa80`07010450 : nt!ExpWorkerThread+0x111
fffff880`03546c00 fffff800`034805e6 : fffff880`03389180 fffffa80`0709fb60 fffff880`033940c0 00000000`00000000 : nt!PspSystemThreadStartup+0x5a
fffff880`03546c40 00000000`00000000 : fffff880`03547000 fffff880`03541000 fffff880`035468a0 00000000`00000000 : nt!KxStartSystemThread+0x16
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!KeWaitForSingleObject+13c
fffff800`034966ec f00fba2e07 lock bts dword ptr [rsi],7
SYMBOL_STACK_INDEX: 3
SYMBOL_NAME: nt!KeWaitForSingleObject+13c
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 4e02aaa3
FAILURE_BUCKET_ID: X64_0xA_nt!KeWaitForSingleObject+13c
BUCKET_ID: X64_0xA_nt!KeWaitForSingleObject+13c
Followup: MachineOwner
---------
-
Loading Dump File [C:\Users\Mike\Downloads\BSODDmpFiles\ZXNFQT4\Windows_NT6_BSOD_jcgriff2\011712-16926-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\users\mike\documents\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (8 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506
Machine Name:
Kernel base = 0xfffff800`03465000 PsLoadedModuleList = 0xfffff800`036aa670
Debug session time: Tue Jan 17 18:22:28.487 2012 (UTC - 7:00)
System Uptime: 0 days 0:46:15.377
Loading Kernel Symbols
...............................................................
................................................................
.............................................
Loading User Symbols
Loading unloaded module list
........
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 1000007E, {ffffffffc0000005, fffff800037c71f8, fffff88003585848, fffff880035850a0}
Probably caused by : ntkrnlmp.exe ( nt!CmpRemoveKeyHash+4c )
Followup: MachineOwner
---------
3: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M (1000007e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003. This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG. This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG. This will let us see why this breakpoint is
happening.
Arguments:
Arg1: ffffffffc0000005, The exception code that was not handled
Arg2: fffff800037c71f8, The address that the exception occurred at
Arg3: fffff88003585848, Exception Record Address
Arg4: fffff880035850a0, Context Record Address
Debugging Details:
------------------
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
FAULTING_IP:
nt!CmpRemoveKeyHash+4c
fffff800`037c71f8 488b01 mov rax,qword ptr [rcx]
EXCEPTION_RECORD: fffff88003585848 -- (.exr 0xfffff88003585848)
ExceptionAddress: fffff800037c71f8 (nt!CmpRemoveKeyHash+0x000000000000004c)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 0000000000000000
Parameter[1]: ffffffffffffffff
Attempt to read from address ffffffffffffffff
CONTEXT: fffff880035850a0 -- (.cxr 0xfffff880035850a0)
rax=fa800720e23004c0 rbx=fffff8a00bbfe258 rcx=fa800720e23004c8
rdx=00000000000002c4 rsi=0000000000000004 rdi=fffff88003585b00
rip=fffff800037c71f8 rsp=fffff88003585a88 rbp=fffff88003585b34
r8=0000000000000000 r9=00000000231d2cec r10=fffff8a00a6646f8
r11=fffff8a00bbfe268 r12=0000000000000002 r13=0000000000000002
r14=0000000000000000 r15=0000000000000001
iopl=0 nv up ei ng nz na pe nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010282
nt!CmpRemoveKeyHash+0x4c:
fffff800`037c71f8 488b01 mov rax,qword ptr [rcx] ds:002b:fa800720`e23004c8=????????????????
Resetting default scope
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
PROCESS_NAME: System
CURRENT_IRQL: 0
ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
EXCEPTION_PARAMETER1: 0000000000000000
EXCEPTION_PARAMETER2: ffffffffffffffff
READ_ADDRESS: GetPointerFromAddress: unable to read from fffff80003714100
ffffffffffffffff
FOLLOWUP_IP:
nt!CmpRemoveKeyHash+4c
fffff800`037c71f8 488b01 mov rax,qword ptr [rcx]
BUGCHECK_STR: 0x7E
LAST_CONTROL_TRANSFER: from fffff800037c7696 to fffff800037c71f8
STACK_TEXT:
fffff880`03585a88 fffff800`037c7696 : fffff8a0`0bbfe258 fffff880`03585b34 00000000`00000004 00000000`00000000 : nt!CmpRemoveKeyHash+0x4c
fffff880`03585a90 fffff800`0373690e : fffff8a0`0bbfe258 fffff880`03585b1c 00000000`00000004 00000000`00000000 : nt!CmpCleanUpKcbCacheWithLock+0x52
fffff880`03585ac0 fffff800`034ec001 : fffff800`037365d4 fffff800`036822b8 fffffa80`07008b60 00000000`00000000 : nt!CmpDelayCloseWorker+0x33a
fffff880`03585b70 fffff800`0377cfee : 00000000`00000000 fffffa80`07008b60 00000000`00000080 fffffa80`06ff5450 : nt!ExpWorkerThread+0x111
fffff880`03585c00 fffff800`034d35e6 : fffff880`03389180 fffffa80`07008b60 fffff880`033940c0 00000000`00000000 : nt!PspSystemThreadStartup+0x5a
fffff880`03585c40 00000000`00000000 : fffff880`03586000 fffff880`03580000 fffff880`035858a0 00000000`00000000 : nt!KxStartSystemThread+0x16
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: nt!CmpRemoveKeyHash+4c
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 4e02aaa3
STACK_COMMAND: .cxr 0xfffff880035850a0 ; kb
FAILURE_BUCKET_ID: X64_0x7E_nt!CmpRemoveKeyHash+4c
BUCKET_ID: X64_0x7E_nt!CmpRemoveKeyHash+4c
Followup: MachineOwner
---------
If you are overclocking anything, please stop.
- Possible causes are Memory problems... Drivers...
- Run the boot version of Memtest86+ paying close attention to Parts 2 and 3 of the tutorial. Also, in case Memtest86+ misses anything and comes up with no errors, run the extended version of the Windows Memory Diagnostics Tool for at least five passes. These you may want to run overnight since they take a long time to complete (run them an hour before bed each of the next two nights and check before going to sleep that they are still running).
- An underlying driver may be incompatible\conflicting with your system. Run Driver Verifier to find any issues. To run Driver Verifier, do the following:
a.
Backup your system and user files
b.
Create a system restore point
c. If you do not have a Windows 7 DVD,
Create a system repair disc
d. Run
Driver Verifier
If Windows cannot start in normal mode with driver verifier running, start in safe mode. If it cannot start in safe mode or normal mode, restore the system restore point using
System Restore OPTION TWO.
Thanks to zigzag3143 for contributing to the Verifier steps.
If you are unable to start Windows with all drivers being verified or if the blue screen crashes fail to create .dmp files, run them in groups of 5 or 10 until you find a group that causes blue screen crashes and stores the blue screen .dmp files.
- Possible causes are Memory problems... Corrupted hard disk system files... Corrupted System Files... Lack of Windows updates... Antivirus Software...
- Possible causes are Memory problems... Corrupted hard disk system files... Corrupted System Files... Lack of Windows updates... Drivers...
Thanks to Dave76 for help understanding possible causes.
Update the following drivers.
Code:
hamachi fffff880`055a4000 fffff880`055af000 Thu Feb 19 03:36:41 2009 (499d3639) 0000a5d7 hamachi.sys
GEARAspiWDM fffff880`0580f000 fffff880`0581c000 Mon May 18 06:17:04 2009 (4a1151c0) 000159b4 GEARAspiWDM.sys
You may use the following sites as references for finding drivers. We recommend finding the manufacturer of the driver and downloading drivers directly from the manufacturer or software developer. If you have trouble finding a driver or driver manufacturer, let us know and we will do our best to assist you. If you need help, please provide the device name, manufacturer, and the driver .sys file that you are looking for.
- Driver Reference is a good site to find the driver .sys files, their descriptions, and the site most likely to contain an update.
- Driver Search Methods provides driver manufacturers and links to their homepages.
There are a few methods for updating drivers.
- Installing and updating drivers in 7
- Driver Install - Add Hardware Wizard
- Driver Install - Device Manager
To fully re-install a driver, use the following steps.
- Click Start Menu
- Right Click My Computer/Computer
- Click Manage
- Click Device Manager from the list on the left
- Find the device you are trying to uninstall by expanding the appropriate set of devices
- Right click the device
- Click Uninstall (do not click OK in the dialog box that pops up after hitting Uninstall)
- Put a tick in Delete driver software for this device (if this option is available, otherwise just hit OK) and hit OK
- Restart your computer
- Install the latest driver for the device once Windows starts.
Alternatively:
- Login as an adminstrative user.
- Click Start Menu
- Click Control Panel
- Click Hardware and Sound
- Click Device Manager (the last link under Devices and Printers)
- Find the device you are trying to uninstall by expanding the appropriate set of devices
- Right click the device
- Click Uninstall (do not click OK in the dialog box that pops up after hitting Uninstall)
- Put a tick in Delete driver software for this device (if this option is available, otherwise just hit OK) and hit OK
- Restart your computer
- Install the latest driver for the device once Windows starts.