Random BSOD over the last 2 days. Everything fine for the past year.

Selections · 20 Jan 2012

Hey SevenForums.

I've had my system just comming upto 12 months now and this is the first time ive experienced a BSOD. Since the 18th January ive had 2 BSOD's a day. The first time I noticed it I was playing music with WMP, then a couple where from browsing the internet with Firefox, and the most recent one was when I was copying some files to a CD with Nero.

Not sure what has caused the problem either. The only recent thing I can think of is when I plugged in a 3.5mm jack into my Soundcard for Line-Input, thats about it.

Included is the .zip recomended by the sticky, below is a minidump i get when Windows recovers.

Problem signature:
Problem Event Name: BlueScreen
OS Version: 6.1.7601.2.1.0.256.1
Locale ID: 3081

Additional information about the problem:
BCCode: c5
BCP1: 0000000000000008
BCP2: 0000000000000002
BCP3: 0000000000000001
BCP4: FFFFF80003BFA617
OS Version: 6_1_7601
Service Pack: 1_0
Product: 256_1

EDIT:
15 minutes after posting, another BSOD, the error report seems a lot different. I was using WMP at the time.

Problem signature:
Problem Event Name: BlueScreen
OS Version: 6.1.7601.2.1.0.256.1
Locale ID: 3081

Additional information about the problem:
BCCode: 50
BCP1: FFFFFFFFFFFFFBB0
BCP2: 0000000000000000
BCP3: FFFFF80003AB519C
BCP4: 0000000000000000
OS Version: 6_1_7601
Service Pack: 1_0
Product: 256_1

writhziden · 20 Jan 2012

Code:


Loading Dump File [C:\Users\Mike\Downloads\BSODDmpFiles\Selections\Windows_NT6_BSOD_jcgriff2\011912-47829-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*c:\users\mike\documents\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is: 
Windows 7 Kernel Version 7601 (Service Pack 1) MP (8 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506
Machine Name:
Kernel base = 0xfffff800`03a1f000 PsLoadedModuleList = 0xfffff800`03c64670
Debug session time: Thu Jan 19 06:11:04.463 2012 (UTC - 7:00)
System Uptime: 1 days 1:46:47.446
Loading Kernel Symbols
...............................................................
................................................................
....................................................
Loading User Symbols
Loading unloaded module list
...............
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck D1, {18, 2, 1, fffff8800ff2f71a}

Unable to load image \SystemRoot\system32\DRIVERS\Rt64win7.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for Rt64win7.sys
*** ERROR: Module load completed but symbols could not be loaded for Rt64win7.sys
Probably caused by : Rt64win7.sys ( Rt64win7+1671a )

Followup: MachineOwner
---------

2: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high.  This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: 0000000000000018, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000001, value 0 = read operation, 1 = write operation
Arg4: fffff8800ff2f71a, address which referenced memory

Debugging Details:
------------------


WRITE_ADDRESS: GetPointerFromAddress: unable to read from fffff80003cce100
 0000000000000018 

CURRENT_IRQL:  2

FAULTING_IP: 
Rt64win7+1671a
fffff880`0ff2f71a 894618          mov     dword ptr [rsi+18h],eax

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

BUGCHECK_STR:  0xD1

PROCESS_NAME:  System

TRAP_FRAME:  fffff8800d933710 -- (.trap 0xfffff8800d933710)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000094 rbx=0000000000000000 rcx=0000000000000001
rdx=000000000000000b rsi=0000000000000000 rdi=0000000000000000
rip=fffff8800ff2f71a rsp=fffff8800d9338a0 rbp=fffffa800bba6290
 r8=0000000000000094  r9=0000000000003fff r10=0000000000000000
r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0         nv up ei pl nz na pe nc
Rt64win7+0x1671a:
fffff880`0ff2f71a 894618          mov     dword ptr [rsi+18h],eax ds:41a0:00000000`00000018=????????
Resetting default scope

LAST_CONTROL_TRANSFER:  from fffff80003a9b1e9 to fffff80003a9bc40

STACK_TEXT:  
fffff880`0d9335c8 fffff800`03a9b1e9 : 00000000`0000000a 00000000`00000018 00000000`00000002 00000000`00000001 : nt!KeBugCheckEx
fffff880`0d9335d0 fffff800`03a99e60 : fffffa80`0ca3f000 00000000`00000001 fffffa80`0bb1c740 fffffa80`0ca3f000 : nt!KiBugCheckDispatch+0x69
fffff880`0d933710 fffff880`0ff2f71a : fffffa80`0ca3f000 00000000`00000000 fffffa80`0ca3f618 00000000`00000001 : nt!KiPageFault+0x260
fffff880`0d9338a0 fffffa80`0ca3f000 : 00000000`00000000 fffffa80`0ca3f618 00000000`00000001 00000000`00000001 : Rt64win7+0x1671a
fffff880`0d9338a8 00000000`00000000 : fffffa80`0ca3f618 00000000`00000001 00000000`00000001 00000000`00000000 : 0xfffffa80`0ca3f000


STACK_COMMAND:  kb

FOLLOWUP_IP: 
Rt64win7+1671a
fffff880`0ff2f71a 894618          mov     dword ptr [rsi+18h],eax

SYMBOL_STACK_INDEX:  3

SYMBOL_NAME:  Rt64win7+1671a

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: Rt64win7

IMAGE_NAME:  Rt64win7.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  4df1baab

FAILURE_BUCKET_ID:  X64_0xD1_Rt64win7+1671a

BUCKET_ID:  X64_0xD1_Rt64win7+1671a

Followup: MachineOwner
---------

Loading Dump File [C:\Users\Mike\Downloads\BSODDmpFiles\Selections\Windows_NT6_BSOD_jcgriff2\012012-42619-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*c:\users\mike\documents\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is: 
Windows 7 Kernel Version 7601 (Service Pack 1) MP (8 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506
Machine Name:
Kernel base = 0xfffff800`03a0a000 PsLoadedModuleList = 0xfffff800`03c4f670
Debug session time: Fri Jan 20 01:59:34.846 2012 (UTC - 7:00)
System Uptime: 0 days 1:57:54.829
Loading Kernel Symbols
...............................................................
................................................................
..................................................
Loading User Symbols
Loading unloaded module list
........
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck A, {8, 2, 1, fffff80003a92a26}

Probably caused by : ntkrnlmp.exe ( nt!KiInsertTimerTable+c6 )

Followup: MachineOwner
---------

4: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high.  This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: 0000000000000008, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000001, bitfield :
	bit 0 : value 0 = read operation, 1 = write operation
	bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: fffff80003a92a26, address which referenced memory

Debugging Details:
------------------


WRITE_ADDRESS: GetPointerFromAddress: unable to read from fffff80003cb9100
 0000000000000008 

CURRENT_IRQL:  2

FAULTING_IP: 
nt!KiInsertTimerTable+c6
fffff800`03a92a26 4c894008        mov     qword ptr [rax+8],r8

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

BUGCHECK_STR:  0xA

PROCESS_NAME:  uTorrent.exe

TRAP_FRAME:  fffff8800dd52890 -- (.trap 0xfffff8800dd52890)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000000 rbx=0000000000000000 rcx=000000107be84e02
rdx=fffffa800c8e4080 rsi=0000000000000000 rdi=0000000000000000
rip=fffff80003a92a26 rsp=fffff8800dd52a20 rbp=fffffa800c8e4080
 r8=fffffa800fb256a0  r9=00000000000000c8 r10=fffff880009b2180
r11=fffff880009b2100 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0         nv up ei pl nz na pe nc
nt!KiInsertTimerTable+0xc6:
fffff800`03a92a26 4c894008        mov     qword ptr [rax+8],r8 ds:00000000`00000008=????????????????
Resetting default scope

LAST_CONTROL_TRANSFER:  from fffff80003a861e9 to fffff80003a86c40

STACK_TEXT:  
fffff880`0dd52748 fffff800`03a861e9 : 00000000`0000000a 00000000`00000008 00000000`00000002 00000000`00000001 : nt!KeBugCheckEx
fffff880`0dd52750 fffff800`03a84e60 : 00000000`00020000 fffff800`03a96720 fffff880`0dd52920 fffffa80`0fb25680 : nt!KiBugCheckDispatch+0x69
fffff880`0dd52890 fffff800`03a92a26 : 00000014`00000000 00000000`041e001f 00000008`00000002 fffff880`03164180 : nt!KiPageFault+0x260
fffff880`0dd52a20 fffff800`03a8c092 : fffffa80`0fb255c0 fffffa80`0fb255c0 fffffa80`00000000 fffffa80`00000004 : nt!KiInsertTimerTable+0xc6
fffff880`0dd52a80 fffff800`03a8e74f : 00000000`0000014c fffff800`03a741e5 fffffa80`000000c8 fffff880`0dd52ca0 : nt!KiCommitThreadWait+0x332
fffff880`0dd52b10 fffff800`03d7d44e : fffff880`0dd52c00 fffffa80`00000006 00000000`00000001 00000000`00000000 : nt!KeWaitForSingleObject+0x19f
fffff880`0dd52bb0 fffff800`03a85ed3 : fffffa80`0fb255c0 00000000`0000014c fffff880`0dd52bf8 fffffa80`0eed8810 : nt!NtWaitForSingleObject+0xde
fffff880`0dd52c20 00000000`75712e09 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`028cf0f8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x75712e09


STACK_COMMAND:  kb

FOLLOWUP_IP: 
nt!KiInsertTimerTable+c6
fffff800`03a92a26 4c894008        mov     qword ptr [rax+8],r8

SYMBOL_STACK_INDEX:  3

SYMBOL_NAME:  nt!KiInsertTimerTable+c6

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: nt

IMAGE_NAME:  ntkrnlmp.exe

DEBUG_FLR_IMAGE_TIMESTAMP:  4e02aaa3

FAILURE_BUCKET_ID:  X64_0xA_nt!KiInsertTimerTable+c6

BUCKET_ID:  X64_0xA_nt!KiInsertTimerTable+c6

Followup: MachineOwner
---------

Loading Dump File [C:\Users\Mike\Downloads\BSODDmpFiles\Selections\Windows_NT6_BSOD_jcgriff2\012112-63445-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*c:\users\mike\documents\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is: 
Windows 7 Kernel Version 7601 (Service Pack 1) MP (8 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506
Machine Name:
Kernel base = 0xfffff800`03a4f000 PsLoadedModuleList = 0xfffff800`03c94670
Debug session time: Fri Jan 20 06:37:43.439 2012 (UTC - 7:00)
System Uptime: 0 days 4:24:28.422
Loading Kernel Symbols
...............................................................
................................................................
.................................................
Loading User Symbols
Loading unloaded module list
.........
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck C5, {8, 2, 1, fffff80003bfa617}

Probably caused by : ntkrnlmp.exe ( nt!ExAllocatePoolWithTag+537 )

Followup: MachineOwner
---------

3: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

DRIVER_CORRUPTED_EXPOOL (c5)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high.  This is
caused by drivers that have corrupted the system pool.  Run the driver
verifier against any new (or suspect) drivers, and if that doesn't turn up
the culprit, then use gflags to enable special pool.
Arguments:
Arg1: 0000000000000008, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000001, value 0 = read operation, 1 = write operation
Arg4: fffff80003bfa617, address which referenced memory

Debugging Details:
------------------


BUGCHECK_STR:  0xC5_2

CURRENT_IRQL:  2

FAULTING_IP: 
nt!ExAllocatePoolWithTag+537
fffff800`03bfa617 48895808        mov     qword ptr [rax+8],rbx

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

PROCESS_NAME:  avgwdsvc.exe

TRAP_FRAME:  fffff8800c3d9390 -- (.trap 0xfffff8800c3d9390)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000000 rbx=0000000000000000 rcx=fffffa800c8cc790
rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000
rip=fffff80003bfa617 rsp=fffff8800c3d9520 rbp=0000000000001000
 r8=0000000000000000  r9=fffff80003c565c0 r10=fffff80003c56348
r11=fffff8800c3d9650 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0         nv up ei pl zr na po nc
nt!ExAllocatePoolWithTag+0x537:
fffff800`03bfa617 48895808        mov     qword ptr [rax+8],rbx ds:0001:00000000`00000008=????????????????
Resetting default scope

LAST_CONTROL_TRANSFER:  from fffff80003acb1e9 to fffff80003acbc40

STACK_TEXT:  
fffff880`0c3d9248 fffff800`03acb1e9 : 00000000`0000000a 00000000`00000008 00000000`00000002 00000000`00000001 : nt!KeBugCheckEx
fffff880`0c3d9250 fffff800`03ac9e60 : 00000000`00120100 fffff800`03ddcb2b 00000000`0010019b fffff800`03c565c0 : nt!KiBugCheckDispatch+0x69
fffff880`0c3d9390 fffff800`03bfa617 : 00000000`00000000 fffff8a0`1071dca0 fffff8a0`1071dca0 fffff880`0c3d96f0 : nt!KiPageFault+0x260
fffff880`0c3d9520 fffff800`03dc5a5f : 00000000`00000000 fffffa80`1058a10c 00000000`00000000 fffffa80`00000000 : nt!ExAllocatePoolWithTag+0x537
fffff880`0c3d9610 fffff800`03dd3630 : fffffa80`00000000 fffffa80`0a9f4401 fffffa80`00000060 fffff880`0c3d96b8 : nt!ObpAllocateObject+0x12f
fffff880`0c3d9680 fffff800`03dc9e8a : 00000000`00000005 fffffa80`10d791c8 fffffa80`0b21fd90 fffffa80`0f7bc890 : nt!IopAllocRealFileObject+0xf0
fffff880`0c3d9730 fffff800`03dc6838 : fffffa80`0b21fd90 fffff800`00000000 fffffa80`10d79010 00000000`00000001 : nt!IopParseDevice+0x49a
fffff880`0c3d98c0 fffff800`03dc7a56 : 00000000`00000000 fffffa80`10d79010 fffff880`0c3d9c20 fffffa80`0a9eff30 : nt!ObpLookupObjectName+0x588
fffff880`0c3d99b0 fffff800`03dc935c : fffffa80`0ee6e7b0 00000000`00000000 00000000`00000001 00000000`00000000 : nt!ObOpenObjectByName+0x306
fffff880`0c3d9a80 fffff800`03db4be4 : 00000000`01ade7b8 fffffa80`c0100000 00000000`01adf010 00000000`01ade758 : nt!IopCreateFile+0x2bc
fffff880`0c3d9b20 fffff800`03acaed3 : 00000000`00000000 fffffa80`0ab5ae00 00000000`746c6644 fffff880`0c3d9c38 : nt!NtOpenFile+0x58
fffff880`0c3d9bb0 00000000`77c8164a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`01ade718 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x77c8164a


STACK_COMMAND:  kb

FOLLOWUP_IP: 
nt!ExAllocatePoolWithTag+537
fffff800`03bfa617 48895808        mov     qword ptr [rax+8],rbx

SYMBOL_STACK_INDEX:  3

SYMBOL_NAME:  nt!ExAllocatePoolWithTag+537

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: nt

IMAGE_NAME:  ntkrnlmp.exe

DEBUG_FLR_IMAGE_TIMESTAMP:  4e02aaa3

FAILURE_BUCKET_ID:  X64_0xC5_2_nt!ExAllocatePoolWithTag+537

BUCKET_ID:  X64_0xC5_2_nt!ExAllocatePoolWithTag+537

Followup: MachineOwner
---------

If you are overclocking anything, please stop.
The last crash was due to AVG, and the second crash was network related and may also have been related to AVG. Please uninstall AVG using AVG Remover and replace AVG with Microsoft Security Essentials to run with Windows firewall. See if this provides more stability.

Selections · 21 Jan 2012

Im not overclocking anything, nor have i attempted to in the past.

AVG would make sense, a file actually popped up during one of the BSOD and I quickly managed to see a AVG(something).sys, may have been AVGID.sys but I didnt get a chance to write it down.

Im downloading MSE now, ill let you know how i go.

writhziden · 21 Jan 2012

Selections said:

Im not overclocking anything, nor have i attempted to in the past.

AVG would make sense, a file actually popped up during one of the BSOD and I quickly managed to see a AVG(something).sys, may have been AVGID.sys but I didnt get a chance to write it down.

Im downloading MSE now, ill let you know how i go.

Alright, sounds good. Best wishes it makes the system more stable. :)

Selections · 22 Jan 2012

24 hours later and no BSOD. Safe to say I think its fixed, considering I was crashing 2-3 times daily.

Did a bit of googling and found AVG has often released updates that have caused system files to be deleted by its virus scan. I've used AVG for the past 4 years now, and even got it on the same Win7 x64 computers that never have had a BSOD problem.

Thanks for your help Writhziden :)

writhziden · 22 Jan 2012

You are welcome. :) Glad the system is stable.