BSOD on first boot ntoskrnl.exe

Pirazy · 21 Jan 2012

Hi everyone, ended up here after googling my problem and found some threads with similiar but not the exact same circumstances.

Always, without fault, on the first boot I get a BSOD after windows have finished starting up. Every boot after that works like a charm but if I leave it off for a half hour or so I get a BSOD on boot again.

Some background info, got dropped with annoyingly high frequency while playing SWTOR so I pulled out the USB wireless dongle and gave it a try going wired via my integrated network card. Game played alot better but the next morning when I turned on my computer I got a BSOD. After a couple more of those I did some googling, downloaded BlueScreenView and had a quick look at the dumps. Ntoskrnl.exe seems to be the file causing the trouble so I did some more googling and found advice suggesting to update various drivers. Naturally, since this problem didn't come up until I went back to a wired connection I updated the drivers for the integrated network card. Thought that solved everything but the very next day, on the first boot, I got another BSOD.

I never deactivated the integrated card in the BIOS while going wireless with a USB-dongle so I don't see how it could cause trouble now since window's continued to load the drivers for it for months without problems, it only started acting up the moment it got a working connection.

I've gotten a bunch of different BSOD's ranging from "driver irql not less or equal", "kmode exception not handled", "page fault in nonpaged area" and "system service exception". All of them caused by different files like mup.sys, win32k.sys, CI.dll, atikmdag.sys, ndis.sys but ntoskrnl.exe is the only one that's involved in every single BSOD and it's always the cause with the crash adress being ntoskrnl.exe+7cc40

I won't be able to respond for like 24 hours or so due to work but I'll pull the wired connection and plug in the dongle again and see what happends when I turn the computer on tomorrow before returning to the thread. If the universe makes sense this should rid me of the BSOD but I'd rather run my connection wired for the time being.

Hope you can help me with this.

writhziden · 21 Jan 2012

Code:




Loading Dump File [C:\Users\Mike\Downloads\BSODDmpFiles\Pirazy\012112-8533-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*c:\users\mike\documents\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is: 
Windows 7 Kernel Version 7601 (Service Pack 1) MP (2 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506
Machine Name:
Kernel base = 0xfffff800`02a58000 PsLoadedModuleList = 0xfffff800`02c9d670
Debug session time: Sat Jan 21 10:14:58.188 2012 (UTC - 7:00)
System Uptime: 0 days 0:00:14.609
Loading Kernel Symbols
...............................................................
................................................................
....................
Loading User Symbols
Loading unloaded module list
.....
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 1E, {ffffffffc0000005, fffff88000d858bf, 0, d6e96461}

Probably caused by : CI.dll ( CI!SHATransform+e1f )

Followup: MachineOwner
---------

0: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

KMODE_EXCEPTION_NOT_HANDLED (1e)
This is a very common bugcheck.  Usually the exception address pinpoints
the driver/function that caused the problem.  Always note this address
as well as the link date of the driver/image that contains this address.
Arguments:
Arg1: ffffffffc0000005, The exception code that was not handled
Arg2: fffff88000d858bf, The address that the exception occurred at
Arg3: 0000000000000000, Parameter 0 of the exception
Arg4: 00000000d6e96461, Parameter 1 of the exception

Debugging Details:
------------------


EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.

FAULTING_IP: 
CI!SHATransform+e1f
fffff880`00d858bf 8b7c2430        mov     edi,dword ptr [rsp+30h]

EXCEPTION_PARAMETER1:  0000000000000000

EXCEPTION_PARAMETER2:  00000000d6e96461

READ_ADDRESS: GetPointerFromAddress: unable to read from fffff80002d07100
 00000000d6e96461 

ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.

BUGCHECK_STR:  0x1E_c0000005

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

PROCESS_NAME:  explorer.exe

CURRENT_IRQL:  0

TRAP_FRAME:  fffff880034332e0 -- (.trap 0xfffff880034332e0)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=00000000d6e96461 rbx=0000000000000000 rcx=00000000d72a76c4
rdx=00000000fb8841f8 rsi=0000000000000000 rdi=0000000000000000
rip=fffff88000d858bf rsp=fffff88003433470 rbp=000000006c79c1e0
 r8=0000000006560951  r9=000000000c32f522 r10=0000000026b953b6
r11=00000000c4cbf639 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0         nv up ei pl nz na po nc
CI!SHATransform+0xe1f:
fffff880`00d858bf 8b7c2430        mov     edi,dword ptr [rsp+30h] ss:fffff880`034334a0=15b19807
Resetting default scope

LAST_CONTROL_TRANSFER:  from fffff80002b20588 to fffff80002ad4c40

STACK_TEXT:  
fffff880`03432a58 fffff800`02b20588 : 00000000`0000001e ffffffff`c0000005 fffff880`00d858bf 00000000`00000000 : nt!KeBugCheckEx
fffff880`03432a60 fffff800`02ad42c2 : fffff880`03433238 00000000`5bb739f7 fffff880`034332e0 00000000`88dcc716 : nt! ?? ::FNODOBFM::`string'+0x4977d
fffff880`03433100 fffff800`02ad2e3a : 00000000`00000000 00000000`d6e96461 fffffa80`05319500 00000000`5bb739f7 : nt!KiExceptionDispatch+0xc2
fffff880`034332e0 fffff880`00d858bf : 6c79c1e0`44d28dcc 334ba770`da8027d4 5bb739f7`aaccf4e8 b03cccc7`88dcc716 : nt!KiPageFault+0x23a
fffff880`03433470 fffff880`00d85d0c : fffff880`034335d8 00800000`014cfb82 00000008`e4fca6d6 fffff800`4b405047 : CI!SHATransform+0xe1f
fffff880`03433500 fffff880`00d42830 : fffff880`03433800 00000000`00001000 00000000`00001000 00000000`00000000 : CI!A_SHAUpdate+0xcc
fffff880`03433540 fffff880`00d426ff : 00000000`00001000 fffff8a0`061e02e0 00000000`00148800 fffff8a0`061e02f0 : CI!HashpHashBytes+0x40
fffff880`03433570 fffff880`00d394c9 : 00000000`00000000 00000000`00000000 fffffa80`040f8180 fffffa80`05867450 : CI!HashKComputeMemoryHash+0x53
fffff880`034336b0 fffff800`02d6ca55 : fffffa80`04849170 fffffa80`04849170 fffff8a0`030d7000 fffffa80`0162d920 : CI!CiValidateImageData+0x295
fffff880`03433890 fffff800`02d6cb15 : fffffa80`00000000 fffffa80`00000b11 fffff880`00000000 fffffa80`0000fe00 : nt!SeValidateImageData+0x21
fffff880`034338c0 fffff800`02b0490b : fffffa80`0162d920 fffffa80`0425b810 00000000`00000000 ffffffff`ffffffff : nt!MiValidateImagePfn+0xb5
fffff880`03433910 fffff800`02afc6cf : fffffa80`0425b750 fffff880`03433a40 fffffa80`055fbec8 fffff960`000c66bf : nt!MiWaitForInPageComplete+0xa0f
fffff880`034339f0 fffff800`02ae302a : 00000000`00000000 00000000`00000000 ffffffff`ffffffff 00000000`00000000 : nt!MiIssueHardFault+0x28b
fffff880`03433a80 fffff800`02ad2d6e : 00000000`00000008 000007fe`fe571067 00000000`029b0901 00000000`029f8c10 : nt!MmAccessFault+0x146a
fffff880`03433be0 000007fe`fe571067 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiPageFault+0x16e
00000000`0013ef10 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x7fe`fe571067


STACK_COMMAND:  kb

FOLLOWUP_IP: 
CI!SHATransform+e1f
fffff880`00d858bf 8b7c2430        mov     edi,dword ptr [rsp+30h]

SYMBOL_STACK_INDEX:  4

SYMBOL_NAME:  CI!SHATransform+e1f

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: CI

IMAGE_NAME:  CI.dll

DEBUG_FLR_IMAGE_TIMESTAMP:  4ce7c944

FAILURE_BUCKET_ID:  X64_0x1E_c0000005_CI!SHATransform+e1f

BUCKET_ID:  X64_0x1E_c0000005_CI!SHATransform+e1f

Followup: MachineOwner
---------

Loading Dump File [C:\Users\Mike\Downloads\BSODDmpFiles\Pirazy\012012-8533-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*c:\users\mike\documents\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is: 
Windows 7 Kernel Version 7601 (Service Pack 1) MP (2 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506
Machine Name:
Kernel base = 0xfffff800`02a16000 PsLoadedModuleList = 0xfffff800`02c5b670
Debug session time: Fri Jan 20 11:46:56.793 2012 (UTC - 7:00)
System Uptime: 0 days 0:00:17.214
Loading Kernel Symbols
...............................................................
................................................................
...................
Loading User Symbols
Loading unloaded module list
.....
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 3B, {c0000005, fffff80002d613c6, fffff88009ed8a70, 0}

Probably caused by : hardware ( nt!CmpCreateKeyControlBlock+407 )

Followup: MachineOwner
---------

0: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

SYSTEM_SERVICE_EXCEPTION (3b)
An exception happened while executing a system service routine.
Arguments:
Arg1: 00000000c0000005, Exception code that caused the bugcheck
Arg2: fffff80002d613c6, Address of the instruction which caused the bugcheck
Arg3: fffff88009ed8a70, Address of the context record for the exception that caused the bugcheck
Arg4: 0000000000000000, zero.

Debugging Details:
------------------


EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.

FAULTING_IP: 
nt!CmpCreateKeyControlBlock+407
fffff800`02d613c6 3101            xor     dword ptr [rcx],eax

CONTEXT:  fffff88009ed8a70 -- (.cxr 0xfffff88009ed8a70)
rax=0000000000200000 rbx=0000000000000000 rcx=0000000000000000
rdx=fffff8a00392c688 rsi=fffff8a00392c5d0 rdi=000000006a5588f1
rip=fffff80002d613c6 rsp=fffff88009ed9450 rbp=fffff8a002645024
 r8=0000000000000005  r9=0000000000000002 r10=0000000000000000
r11=fffff8a00359d5c0 r12=fffff8a00392c5d4 r13=fffff8a00260d010
r14=0000000000000128 r15=fffff8a002604801
iopl=0         nv up ei pl zr na po nc
cs=0010  ss=0018  ds=002b  es=002b  fs=0053  gs=002b             efl=00010246
nt!CmpCreateKeyControlBlock+0x407:
fffff800`02d613c6 3101            xor     dword ptr [rcx],eax ds:002b:00000000`00000000=????????
Resetting default scope

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

BUGCHECK_STR:  0x3B

PROCESS_NAME:  explorer.exe

CURRENT_IRQL:  0

MISALIGNED_IP: 
nt!CmpCreateKeyControlBlock+407
fffff800`02d613c6 3101            xor     dword ptr [rcx],eax

LAST_CONTROL_TRANSFER:  from 0000000000000000 to fffff80002d613c6

STACK_TEXT:  
fffff880`09ed9450 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!CmpCreateKeyControlBlock+0x407


FOLLOWUP_IP: 
nt!CmpCreateKeyControlBlock+407
fffff800`02d613c6 3101            xor     dword ptr [rcx],eax

SYMBOL_STACK_INDEX:  0

SYMBOL_NAME:  nt!CmpCreateKeyControlBlock+407

FOLLOWUP_NAME:  MachineOwner

IMAGE_NAME:  hardware

DEBUG_FLR_IMAGE_TIMESTAMP:  0

STACK_COMMAND:  .cxr 0xfffff88009ed8a70 ; kb

MODULE_NAME: hardware

FAILURE_BUCKET_ID:  X64_IP_MISALIGNED

BUCKET_ID:  X64_IP_MISALIGNED

Followup: MachineOwner
---------

Loading Dump File [C:\Users\Mike\Downloads\BSODDmpFiles\Pirazy\011712-8548-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*c:\users\mike\documents\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is: 
Windows 7 Kernel Version 7601 (Service Pack 1) MP (2 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506
Machine Name:
Kernel base = 0xfffff800`02a60000 PsLoadedModuleList = 0xfffff800`02ca5670
Debug session time: Mon Jan 16 17:49:21.540 2012 (UTC - 7:00)
System Uptime: 0 days 0:00:18.961
Loading Kernel Symbols
...............................................................
................................................................
....................
Loading User Symbols
Loading unloaded module list
.....
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 50, {fffff89f90da3db5, 1, fffff880011625ff, 5}


Could not read faulting driver name
Probably caused by : luafv.sys ( luafv!LuafvGenerateFileName+82 )

Followup: MachineOwner
---------

0: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

PAGE_FAULT_IN_NONPAGED_AREA (50)
Invalid system memory was referenced.  This cannot be protected by try-except,
it must be protected by a Probe.  Typically the address is just plain bad or it
is pointing at freed memory.
Arguments:
Arg1: fffff89f90da3db5, memory referenced.
Arg2: 0000000000000001, value 0 = read operation, 1 = write operation.
Arg3: fffff880011625ff, If non-zero, the instruction address which referenced the bad memory
	address.
Arg4: 0000000000000005, (reserved)

Debugging Details:
------------------


Could not read faulting driver name

WRITE_ADDRESS: GetPointerFromAddress: unable to read from fffff80002d0f100
 fffff89f90da3db5 

FAULTING_IP: 
fltmgr!FltpGetFileNameInformation+36f
fffff880`011625ff 488d55c8        lea     rdx,[rbp-38h]

MM_INTERNAL_CODE:  5

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

BUGCHECK_STR:  0x50

PROCESS_NAME:  explorer.exe

CURRENT_IRQL:  1

TRAP_FRAME:  fffff8800a3228e0 -- (.trap 0xfffff8800a3228e0)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=fffffa8005b0ac80 rbx=0000000000000000 rcx=00000000000004bf
rdx=fffffa8004210010 rsi=0000000000000000 rdi=0000000000000000
rip=fffff880011625ff rsp=fffff8800a322a70 rbp=fffff8a003907560
 r8=fffffa800426d1e0  r9=fffff8a0039075e0 r10=fffff88001179840
r11=fffffa80048a5640 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0         nv up ei ng nz na po nc
fltmgr!FltpGetFileNameInformation+0x36f:
fffff880`011625ff 488d55c8        lea     rdx,[rbp-38h]
Resetting default scope

LAST_CONTROL_TRANSFER:  from fffff80002a873bf to fffff80002adcc40

STACK_TEXT:  
fffff880`0a322778 fffff800`02a873bf : 00000000`00000050 fffff89f`90da3db5 00000000`00000001 fffff880`0a3228e0 : nt!KeBugCheckEx
fffff880`0a322780 fffff800`02adad6e : 00000000`00000001 fffff89f`90da3db5 00000000`00000000 00000000`00000000 : nt! ?? ::FNODOBFM::`string'+0x44791
fffff880`0a3228e0 fffff880`011625ff : 00000000`00000000 fffffa80`05b0ac80 fffffa80`04002000 fffff8a0`0391d9f8 : nt!KiPageFault+0x16e
fffff880`0a322a70 fffff880`0117f5ef : fffffa80`05b04000 fffffa80`05b0ac80 00000000`00000000 00000000`00000000 : fltmgr!FltpGetFileNameInformation+0x36f
fffff880`0a322af0 fffff880`08811bca : fffffa80`042462c0 fffffa80`048a5770 00000000`00000000 fffff800`02c0b1de : fltmgr!FltGetFileNameInformationUnsafe+0x7f
fffff880`0a322b60 fffff880`01181035 : fffffa80`048a5770 fffff800`02b08830 fffff880`0a322c88 00000000`00000000 : luafv!LuafvGenerateFileName+0x82
fffff880`0a322b90 fffff880`01180ee7 : fffffa80`03a24000 00000000`00000000 fffffa80`048a5770 00000000`00000000 : fltmgr!FltpCallOpenedFileNameHandler+0x75
fffff880`0a322bd0 fffff880`01180e1e : fffffa80`048a5770 fffffa80`052dd010 00000000`00000000 fffff880`01162daa : fltmgr!FltpGetNormalizedFileNameWorker+0x27
fffff880`0a322c10 fffff880`011624fb : fffffa80`04210010 fffffa80`05b0ac80 fffffa80`04002000 fffff880`0a324000 : fltmgr!FltpCreateFileNameInformation+0xee
fffff880`0a322c70 fffff880`0117f5ef : 00000000`00008000 fffffa80`05b0ac80 fffffa80`052dd010 fffff880`0a322ea8 : fltmgr!FltpGetFileNameInformation+0x26b
fffff880`0a322cf0 fffff880`018a2fda : fffffa80`048a5770 00000000`00000000 00000000`00000844 fffffa80`03968de0 : fltmgr!FltGetFileNameInformationUnsafe+0x7f
fffff880`0a322d60 fffff880`018a2f23 : 00000000`00000000 fffff880`0a323c60 00000000`00000844 fffff880`0a323c60 : tcpip!WfpAleCaptureImageFileName+0x3a
fffff880`0a322db0 fffff880`018c495e : fffff8a0`003110d0 00000000`00000000 fffffa80`05b6a630 00000000`00000000 : tcpip!WfpCreateProcessNotifyRoutine+0x63
fffff880`0a322e90 fffff800`02dc9f0e : fffff8a0`00004490 fffff880`0a323c60 fffff8a0`002da4f0 00000000`00000002 : tcpip!CreateProcessNotifyRoutineEx+0xe
fffff880`0a322ec0 fffff800`02d86737 : fffffa80`05ca5b60 fffffa80`05b6a630 fffff880`0a323170 fffff880`0a3230ac : nt!PspInsertThread+0x66e
fffff880`0a323040 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!NtCreateUserProcess+0x732


STACK_COMMAND:  kb

FOLLOWUP_IP: 
luafv!LuafvGenerateFileName+82
fffff880`08811bca 8bd8            mov     ebx,eax

SYMBOL_STACK_INDEX:  5

SYMBOL_NAME:  luafv!LuafvGenerateFileName+82

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: luafv

IMAGE_NAME:  luafv.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  4a5bc295

FAILURE_BUCKET_ID:  X64_0x50_luafv!LuafvGenerateFileName+82

BUCKET_ID:  X64_0x50_luafv!LuafvGenerateFileName+82

Followup: MachineOwner
---------

Loading Dump File [C:\Users\Mike\Downloads\BSODDmpFiles\Pirazy\011612-3712-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*c:\users\mike\documents\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is: 
Windows 7 Kernel Version 7601 (Service Pack 1) MP (2 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506
Machine Name:
Kernel base = 0xfffff800`02a06000 PsLoadedModuleList = 0xfffff800`02c4b670
Debug session time: Mon Jan 16 03:12:41.010 2012 (UTC - 7:00)
System Uptime: 0 days 0:00:20.431
Loading Kernel Symbols
...............................................................
................................................................
......................
Loading User Symbols
Loading unloaded module list
.....
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 50, {fffff88060bcacf2, 8, fffff88060bcacf2, 5}


Could not read faulting driver name
Probably caused by : ntkrnlmp.exe ( nt! ?? ::FNODOBFM::`string'+44791 )

Followup: MachineOwner
---------

1: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

PAGE_FAULT_IN_NONPAGED_AREA (50)
Invalid system memory was referenced.  This cannot be protected by try-except,
it must be protected by a Probe.  Typically the address is just plain bad or it
is pointing at freed memory.
Arguments:
Arg1: fffff88060bcacf2, memory referenced.
Arg2: 0000000000000008, value 0 = read operation, 1 = write operation.
Arg3: fffff88060bcacf2, If non-zero, the instruction address which referenced the bad memory
	address.
Arg4: 0000000000000005, (reserved)

Debugging Details:
------------------


Could not read faulting driver name

WRITE_ADDRESS: GetPointerFromAddress: unable to read from fffff80002cb5100
 fffff88060bcacf2 

FAULTING_IP: 
+3231313266306334
fffff880`60bcacf2 ??              ???

MM_INTERNAL_CODE:  5

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

BUGCHECK_STR:  0x50

PROCESS_NAME:  ekrn.exe

CURRENT_IRQL:  0

TRAP_FRAME:  fffff8800a3f6600 -- (.trap 0xfffff8800a3f6600)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=fffff8a000c27840 rbx=0000000000000000 rcx=00000000000018a1
rdx=fffff88002f00000 rsi=0000000000000000 rdi=0000000000000000
rip=fffff88060bcacf2 rsp=fffff8800a3f6790 rbp=fffff8a007e32f80
 r8=000000000000c508  r9=0000000000000050 r10=fffff80002a06000
r11=00000000000004ed r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0         nv up ei pl zr na po nc
fffff880`60bcacf2 ??              ???
Resetting default scope

LAST_CONTROL_TRANSFER:  from fffff80002a2d3bf to fffff80002a82c40

STACK_TEXT:  
fffff880`0a3f6498 fffff800`02a2d3bf : 00000000`00000050 fffff880`60bcacf2 00000000`00000008 fffff880`0a3f6600 : nt!KeBugCheckEx
fffff880`0a3f64a0 fffff800`02a80d6e : 00000000`00000008 fffff880`60bcacf2 00000000`00000000 00000000`00000000 : nt! ?? ::FNODOBFM::`string'+0x44791
fffff880`0a3f6600 fffff880`60bcacf2 : fffff880`0a3f6850 00000000`00000000 00000000`41746e4d 00000000`000007ff : nt!KiPageFault+0x16e
fffff880`0a3f6790 fffff880`0a3f6850 : 00000000`00000000 00000000`41746e4d 00000000`000007ff fffff8a0`07e32f80 : 0xfffff880`60bcacf2
fffff880`0a3f6798 00000000`00000000 : 00000000`41746e4d 00000000`000007ff fffff8a0`07e32f80 00000000`00000032 : 0xfffff880`0a3f6850


STACK_COMMAND:  kb

FOLLOWUP_IP: 
nt! ?? ::FNODOBFM::`string'+44791
fffff800`02a2d3bf cc              int     3

SYMBOL_STACK_INDEX:  1

SYMBOL_NAME:  nt! ?? ::FNODOBFM::`string'+44791

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: nt

IMAGE_NAME:  ntkrnlmp.exe

DEBUG_FLR_IMAGE_TIMESTAMP:  4e02aaa3

FAILURE_BUCKET_ID:  X64_0x50_nt!_??_::FNODOBFM::_string_+44791

BUCKET_ID:  X64_0x50_nt!_??_::FNODOBFM::_string_+44791

Followup: MachineOwner
---------

Loading Dump File [C:\Users\Mike\Downloads\BSODDmpFiles\Pirazy\011612-8626-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*c:\users\mike\documents\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is: 
Windows 7 Kernel Version 7601 (Service Pack 1) MP (2 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506
Machine Name:
Kernel base = 0xfffff800`02a1c000 PsLoadedModuleList = 0xfffff800`02c61670
Debug session time: Mon Jan 16 03:11:58.609 2012 (UTC - 7:00)
System Uptime: 0 days 0:00:27.029
Loading Kernel Symbols
...............................................................
................................................................
......................
Loading User Symbols
Loading unloaded module list
.....
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck D1, {fffff8807c9a5121, 2, 8, fffff8807c9a5121}

Unable to load image \SystemRoot\system32\DRIVERS\netr28ux.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for netr28ux.sys
*** ERROR: Module load completed but symbols could not be loaded for netr28ux.sys
Probably caused by : netr28ux.sys ( netr28ux+418b0 )

Followup: MachineOwner
---------

1: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high.  This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: fffff8807c9a5121, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000008, value 0 = read operation, 1 = write operation
Arg4: fffff8807c9a5121, address which referenced memory

Debugging Details:
------------------


READ_ADDRESS: GetPointerFromAddress: unable to read from fffff80002ccb100
 fffff8807c9a5121 

CURRENT_IRQL:  2

FAULTING_IP: 
+3231313266306334
fffff880`7c9a5121 ??              ???

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

BUGCHECK_STR:  0xD1

PROCESS_NAME:  System

TRAP_FRAME:  fffff88002f1b460 -- (.trap 0xfffff88002f1b460)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=fffff8807c9a5121 rbx=0000000000000000 rcx=fffff88002665000
rdx=fffffa8005610014 rsi=0000000000000000 rdi=0000000000000000
rip=fffff8807c9a5121 rsp=fffff88002f1b5f0 rbp=0000000000000000
 r8=fffff88002f1b668  r9=fffff88002f1b66c r10=fffff80002a1c000
r11=0000000000000002 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0         nv up ei ng nz na po nc
fffff880`7c9a5121 ??              ???
Resetting default scope

LAST_CONTROL_TRANSFER:  from fffff80002a981e9 to fffff80002a98c40

FAILED_INSTRUCTION_ADDRESS: 
+3231313266306334
fffff880`7c9a5121 ??              ???

STACK_TEXT:  
fffff880`02f1b318 fffff800`02a981e9 : 00000000`0000000a fffff880`7c9a5121 00000000`00000002 00000000`00000008 : nt!KeBugCheckEx
fffff880`02f1b320 fffff800`02a96e60 : fffffa80`055cfe10 fffff880`06405f99 fffffa80`04730480 fffffa80`055cd9f0 : nt!KiBugCheckDispatch+0x69
fffff880`02f1b460 fffff880`7c9a5121 : fffffa80`055cd9f0 fffff880`026a68b0 00000000`000000e5 fffffa80`06768610 : nt!KiPageFault+0x260
fffff880`02f1b5f0 fffffa80`055cd9f0 : fffff880`026a68b0 00000000`000000e5 fffffa80`06768610 fffffa80`0561002c : 0xfffff880`7c9a5121
fffff880`02f1b5f8 fffff880`026a68b0 : 00000000`000000e5 fffffa80`06768610 fffffa80`0561002c fffffa80`055cd9f0 : 0xfffffa80`055cd9f0
fffff880`02f1b600 00000000`000000e5 : fffffa80`06768610 fffffa80`0561002c fffffa80`055cd9f0 00000000`00000008 : netr28ux+0x418b0
fffff880`02f1b608 fffffa80`06768610 : fffffa80`0561002c fffffa80`055cd9f0 00000000`00000008 00000000`00000004 : 0xe5
fffff880`02f1b610 fffffa80`0561002c : fffffa80`055cd9f0 00000000`00000008 00000000`00000004 fffffa80`051551b0 : 0xfffffa80`06768610
fffff880`02f1b618 fffffa80`055cd9f0 : 00000000`00000008 00000000`00000004 fffffa80`051551b0 fffff880`026a5ed3 : 0xfffffa80`0561002c
fffff880`02f1b620 00000000`00000008 : 00000000`00000004 fffffa80`051551b0 fffff880`026a5ed3 fffffa80`051d1000 : 0xfffffa80`055cd9f0
fffff880`02f1b628 00000000`00000004 : fffffa80`051551b0 fffff880`026a5ed3 fffffa80`051d1000 fffffa80`05610014 : 0x8
fffff880`02f1b630 fffffa80`051551b0 : fffff880`026a5ed3 fffffa80`051d1000 fffffa80`05610014 fffff880`02f1b668 : 0x4
fffff880`02f1b638 fffff880`026a5ed3 : fffffa80`051d1000 fffffa80`05610014 fffff880`02f1b668 fffff880`02f1b66c : 0xfffffa80`051551b0
fffff880`02f1b640 fffffa80`051d1000 : fffffa80`05610014 fffff880`02f1b668 fffff880`02f1b66c fffffa80`05610014 : netr28ux+0x40ed3
fffff880`02f1b648 fffffa80`05610014 : fffff880`02f1b668 fffff880`02f1b66c fffffa80`05610014 fffff880`0266dc52 : 0xfffffa80`051d1000
fffff880`02f1b650 fffff880`02f1b668 : fffff880`02f1b66c fffffa80`05610014 fffff880`0266dc52 fffffa80`0541ba20 : 0xfffffa80`05610014
fffff880`02f1b658 fffff880`02f1b66c : fffffa80`05610014 fffff880`0266dc52 fffffa80`0541ba20 fffffa80`051db0b0 : 0xfffff880`02f1b668
fffff880`02f1b660 fffffa80`05610014 : fffff880`0266dc52 fffffa80`0541ba20 fffffa80`051db0b0 0000000c`00000c00 : 0xfffff880`02f1b66c
fffff880`02f1b668 fffff880`0266dc52 : fffffa80`0541ba20 fffffa80`051db0b0 0000000c`00000c00 00000000`00000000 : 0xfffffa80`05610014
fffff880`02f1b670 fffffa80`0541ba20 : fffffa80`051db0b0 0000000c`00000c00 00000000`00000000 00000000`000000e5 : netr28ux+0x8c52
fffff880`02f1b678 fffffa80`051db0b0 : 0000000c`00000c00 00000000`00000000 00000000`000000e5 fffff880`026708e8 : 0xfffffa80`0541ba20
fffff880`02f1b680 0000000c`00000c00 : 00000000`00000000 00000000`000000e5 fffff880`026708e8 fffffa80`051d1000 : 0xfffffa80`051db0b0
fffff880`02f1b688 00000000`00000000 : 00000000`000000e5 fffff880`026708e8 fffffa80`051d1000 fffffa80`05890000 : 0xc`00000c00


STACK_COMMAND:  kb

FOLLOWUP_IP: 
netr28ux+418b0
fffff880`026a68b0 ??              ???

SYMBOL_STACK_INDEX:  5

SYMBOL_NAME:  netr28ux+418b0

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: netr28ux

IMAGE_NAME:  netr28ux.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  49a6032d

FAILURE_BUCKET_ID:  X64_0xD1_CODE_AV_BAD_IP_netr28ux+418b0

BUCKET_ID:  X64_0xD1_CODE_AV_BAD_IP_netr28ux+418b0

Followup: MachineOwner
---------

Loading Dump File [C:\Users\Mike\Downloads\BSODDmpFiles\Pirazy\011612-3853-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*c:\users\mike\documents\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is: 
Windows 7 Kernel Version 7601 (Service Pack 1) MP (2 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506
Machine Name:
Kernel base = 0xfffff800`02a4b000 PsLoadedModuleList = 0xfffff800`02c90670
Debug session time: Sun Jan 15 20:07:20.387 2012 (UTC - 7:00)
System Uptime: 0 days 0:00:31.807
Loading Kernel Symbols
...............................................................
................................................................
......................
Loading User Symbols
Loading unloaded module list
.....
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck D1, {0, 2, 1, fffff880014633c0}

Probably caused by : NETIO.SYS ( NETIO!NsiEnumerateObjectsAllParametersEx+24f )

Followup: MachineOwner
---------

1: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high.  This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: 0000000000000000, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000001, value 0 = read operation, 1 = write operation
Arg4: fffff880014633c0, address which referenced memory

Debugging Details:
------------------


WRITE_ADDRESS: GetPointerFromAddress: unable to read from fffff80002cfa100
 0000000000000000 

CURRENT_IRQL:  2

FAULTING_IP: 
ndis!ndisIfQueryObject+340
fffff880`014633c0 49890424        mov     qword ptr [r12],rax

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

BUGCHECK_STR:  0xD1

PROCESS_NAME:  msnmsgr.exe

TRAP_FRAME:  fffff8800b34cec0 -- (.trap 0xfffff8800b34cec0)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000000 rbx=0000000000000000 rcx=0000000000000008
rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000
rip=fffff880014633c0 rsp=fffff8800b34d050 rbp=0000000000010285
 r8=fffff8800145e000  r9=0000000000000000 r10=fffff8800145e000
r11=fffff880014c2758 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0         nv up ei ng nz na pe nc
ndis!ndisIfQueryObject+0x340:
fffff880`014633c0 49890424        mov     qword ptr [r12],rax ds:00000000`00000000=????????????????
Resetting default scope

LAST_CONTROL_TRANSFER:  from fffff80002ac71e9 to fffff80002ac7c40

STACK_TEXT:  
fffff880`0b34cd78 fffff800`02ac71e9 : 00000000`0000000a 00000000`00000000 00000000`00000002 00000000`00000001 : nt!KeBugCheckEx
fffff880`0b34cd80 fffff800`02ac5e60 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiBugCheckDispatch+0x69
fffff880`0b34cec0 fffff880`014633c0 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiPageFault+0x260
fffff880`0b34d050 fffff880`01465593 : 00000000`00000204 00000000`0000027c 00000000`00000000 fffff800`02ad9e84 : ndis!ndisIfQueryObject+0x340
fffff880`0b34d1e0 fffff880`01465d19 : fffffa80`047531a0 fffffa80`047531a0 fffffa80`04753200 fffffa80`05b0aaf8 : ndis!ndisNsiGetInterfaceRodEnumObject+0x243
fffff880`0b34d4a0 fffff880`01554aab : 00000000`00000000 fffffa80`00000008 00000000`00000290 fffffa80`00000238 : ndis!ndisNsiEnumerateAllInterfaceInformation+0x2ea
fffff880`0b34d590 fffff880`061c6e29 : fffffa80`05b09000 fffff8a0`00000070 fffffa80`065b5d00 fffff880`0b34d8d0 : NETIO!NsiEnumerateObjectsAllParametersEx+0x24f
fffff880`0b34d770 fffff880`061c88e8 : fffffa80`065b5d00 fffffa80`065b5c30 00000000`00000000 fffffa80`065b5c68 : nsiproxy!NsippEnumerateObjectsAllParameters+0x305
fffff880`0b34d960 fffff880`061c89db : fffffa80`0461ec50 00000000`00000000 00000000`00000001 00000000`00000003 : nsiproxy!NsippDispatchDeviceControl+0x70
fffff880`0b34d9a0 fffff800`02de2a97 : fffffa80`04278070 fffffa80`04278070 fffffa80`065b5d48 fffffa80`065b5c30 : nsiproxy!NsippDispatch+0x4b
fffff880`0b34d9d0 fffff800`02de32f6 : 00000000`099fe578 00000000`00000eac 00000000`00000001 00000000`00000000 : nt!IopXxxControlFile+0x607
fffff880`0b34db00 fffff800`02ac6ed3 : fffffa80`05afab60 00000000`099fe518 fffff880`0b34db88 00000000`00000001 : nt!NtDeviceIoControlFile+0x56
fffff880`0b34db70 00000000`75042e09 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`099fee28 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x75042e09


STACK_COMMAND:  kb

FOLLOWUP_IP: 
NETIO!NsiEnumerateObjectsAllParametersEx+24f
fffff880`01554aab 8bd8            mov     ebx,eax

SYMBOL_STACK_INDEX:  6

SYMBOL_NAME:  NETIO!NsiEnumerateObjectsAllParametersEx+24f

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: NETIO

IMAGE_NAME:  NETIO.SYS

DEBUG_FLR_IMAGE_TIMESTAMP:  4ce79381

FAILURE_BUCKET_ID:  X64_0xD1_NETIO!NsiEnumerateObjectsAllParametersEx+24f

BUCKET_ID:  X64_0xD1_NETIO!NsiEnumerateObjectsAllParametersEx+24f

Followup: MachineOwner
---------

Loading Dump File [C:\Users\Mike\Downloads\BSODDmpFiles\Pirazy\011612-8548-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*c:\users\mike\documents\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is: 
Windows 7 Kernel Version 7601 (Service Pack 1) MP (2 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506
Machine Name:
Kernel base = 0xfffff800`02a12000 PsLoadedModuleList = 0xfffff800`02c57670
Debug session time: Sun Jan 15 20:05:56.646 2012 (UTC - 7:00)
System Uptime: 0 days 0:00:28.926
Loading Kernel Symbols
...............................................................
................................................................
......................
Loading User Symbols
Loading unloaded module list
.....
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck D1, {100248c8d60, 2, 0, fffff8800768503a}

Unable to load image \SystemRoot\system32\DRIVERS\atikmdag.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for atikmdag.sys
*** ERROR: Module load completed but symbols could not be loaded for atikmdag.sys
Probably caused by : atikmdag.sys ( atikmdag+3e403a )

Followup: MachineOwner
---------

0: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high.  This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: 00000100248c8d60, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000000, value 0 = read operation, 1 = write operation
Arg4: fffff8800768503a, address which referenced memory

Debugging Details:
------------------


READ_ADDRESS: GetPointerFromAddress: unable to read from fffff80002cc1100
 00000100248c8d60 

CURRENT_IRQL:  2

FAULTING_IP: 
atikmdag+3e403a
fffff880`0768503a 48ff6018        jmp     qword ptr [rax+18h]

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

BUGCHECK_STR:  0xD1

PROCESS_NAME:  System

TRAP_FRAME:  fffff88006f3c240 -- (.trap 0xfffff88006f3c240)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=00000100248c8d48 rbx=0000000000000000 rcx=fffff80002a914da
rdx=fffffa8005150270 rsi=0000000000000000 rdi=0000000000000000
rip=fffff8800768503a rsp=fffff88006f3c3d0 rbp=fffffa800597a980
 r8=fffffa800597a980  r9=0000000000000242 r10=0000024200000c40
r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0         nv up ei ng nz na pe nc
atikmdag+0x3e403a:
fffff880`0768503a 48ff6018        jmp     qword ptr [rax+18h] ds:00000100`248c8d60=????????????????
Resetting default scope

LAST_CONTROL_TRANSFER:  from fffff80002a8e1e9 to fffff80002a8ec40

STACK_TEXT:  
fffff880`06f3c0f8 fffff800`02a8e1e9 : 00000000`0000000a 00000100`248c8d60 00000000`00000002 00000000`00000000 : nt!KeBugCheckEx
fffff880`06f3c100 fffff800`02a8ce60 : fffffa80`0597a980 fffff880`06f3c7f0 fffffa80`03c8ee40 fffffa80`05150000 : nt!KiBugCheckDispatch+0x69
fffff880`06f3c240 fffff880`0768503a : fffff880`07688d09 fffff880`0768a1fa fffffa80`05150000 fffffa80`05150000 : nt!KiPageFault+0x260
fffff880`06f3c3d0 fffff880`07688d09 : fffff880`0768a1fa fffffa80`05150000 fffffa80`05150000 fffffa80`0597a980 : atikmdag+0x3e403a
fffff880`06f3c3d8 fffff880`0768a1fa : fffffa80`05150000 fffffa80`05150000 fffffa80`0597a980 fffffa80`051501a0 : atikmdag+0x3e7d09
fffff880`06f3c3e0 fffffa80`05150000 : fffffa80`05150000 fffffa80`0597a980 fffffa80`051501a0 fffff880`06f3c500 : atikmdag+0x3e91fa
fffff880`06f3c3e8 fffffa80`05150000 : fffffa80`0597a980 fffffa80`051501a0 fffff880`06f3c500 fffffa80`0597a980 : 0xfffffa80`05150000
fffff880`06f3c3f0 fffffa80`0597a980 : fffffa80`051501a0 fffff880`06f3c500 fffffa80`0597a980 fffff880`047e8000 : 0xfffffa80`05150000
fffff880`06f3c3f8 fffffa80`051501a0 : fffff880`06f3c500 fffffa80`0597a980 fffff880`047e8000 fffff880`076a6460 : 0xfffffa80`0597a980
fffff880`06f3c400 fffff880`06f3c500 : fffffa80`0597a980 fffff880`047e8000 fffff880`076a6460 00000000`00000000 : 0xfffffa80`051501a0
fffff880`06f3c408 fffffa80`0597a980 : fffff880`047e8000 fffff880`076a6460 00000000`00000000 00000000`00000000 : 0xfffff880`06f3c500
fffff880`06f3c410 fffff880`047e8000 : fffff880`076a6460 00000000`00000000 00000000`00000000 fffffa80`05150000 : 0xfffffa80`0597a980
fffff880`06f3c418 fffff880`076a6460 : 00000000`00000000 00000000`00000000 fffffa80`05150000 fffffa80`05150020 : 0xfffff880`047e8000
fffff880`06f3c420 00000000`00000000 : 00000000`00000000 fffffa80`05150000 fffffa80`05150020 fffff880`06f3c7f0 : atikmdag+0x405460


STACK_COMMAND:  kb

FOLLOWUP_IP: 
atikmdag+3e403a
fffff880`0768503a 48ff6018        jmp     qword ptr [rax+18h]

SYMBOL_STACK_INDEX:  3

SYMBOL_NAME:  atikmdag+3e403a

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: atikmdag

IMAGE_NAME:  atikmdag.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  4ebb3c7e

FAILURE_BUCKET_ID:  X64_0xD1_atikmdag+3e403a

BUCKET_ID:  X64_0xD1_atikmdag+3e403a

Followup: MachineOwner
---------

Possible causes are Memory problems... Viruses... Corrupted hard disk system files... Corrupted System Files... Lack of Windows updates... Drivers...
Possible causes are Memory problems... Corrupted hard disk system files... Corrupted System Files... Graphics Driver...
Possible causes are Memory problems... Graphics card memory problems... CMOS... Corrupted hard disk system files... Corrupted System Files... Missing Windows Updates... Drivers...
Seems most likely to be caused by your antivirus software, ESET. Other possible causes are Memory problems... Graphics card memory problems... CMOS... Corrupted hard disk system files... Corrupted System Files... Missing Windows Updates... Drivers...
Caused by netr28ux.sys, which is your Ralink RT2870 series USB802.11n Wireless Adapter Driver (you may have a different manufacturer). Could be due to ESET preventing the driver from working properly.
NETIO.SYS is typically blamed when a network driver is corrupt or antivirus software interferes with the network adapter. Could be ESET again.
This was due to your graphics card driver.

Thanks to Dave76 for help understanding possible causes.

Start with the problem that occurs the most; your antivirus software being to blame or possibly to blame in at least three instances.

If you are overclocking anything, please stop.
Remove your ESET antivirus software using the steps in How do I manually uninstall my Windows ESET security product? - ESET Knowledgebase and replace with Microsoft Security Essentials - Free Antivirus for Windows to run with Windows firewall.

Pirazy · 22 Jan 2012

So, first boot of the day, and it went flawless, guess that rules out all the other stuff you listed, writhziden. I really appreciate your help though.

Last night I pulled out the tp-cable and plugged in the usb-dongle again, afterwards I went into BIOS and disabled the integrated network card before shutting down for the night. Can't be old network card drivers, I updated that just one week ago when I got the first BSOD, is it triggered by some kind of conflict between my wired and wireless connections?

Would appreciate some thoughts on that before I do something drastic, like getting rid of the antivirus software which I've already paid a 1-year license for. I'll dig up an old USB-memory tomorrow and run some memtest later, just to be sure. I think I've already done a scan of the systemfiles using chkdsk and nothing corrupted was found, same with the harddrives, no problems there according to Intel SSD Toolbox. I may also try completely uninstalling the dongle and go back to wired just to make sure they're the ones interfering with each other..

writhziden · 22 Jan 2012

It could be a conflict between drivers, but since ESET was blamed in one of the crashes, it is possible that ESET is causing the conflict between those drivers. ESET is normally a good piece of software, but it has been known to cause conflicts on some systems. If disabling the wired connection works, then I would use that as a workaround solution if you are set against getting rid of ESET.

Just an fyi: I do not know what the ESET policy is, but some antivirus software companies will refund the remaining money for the remaining time of the license if you are no longer going to use the product due to a conflict with your system. You could also see if they are willing to do troubleshooting steps to determine why their software caused the crash.

Edit: Also, you said you updated your network adapter drivers. What steps did you follow to do so? Sometimes it is necessary to uninstall the old driver completely before installing the new one.

Pirazy · 22 Jan 2012

Well, I guess I could try uninstalling ESET and go back to having both wired and wireless activated at the same time and see what happends, if I'm not seeing any more BSODs then that should isolate ESET as the cause. And I can always reinstall it and continue with one of the connections disabled.

As for the network driver, I just used 'update driver' in the device manager. I knew gfx-drivers are picky and may have to be completely uninstalled before installing new ones but didn't know it also applied to other devices. And it's certainly a first for me that drivers are causing rampant BSODs. Oh well, tomorrow I'll run a couple of passes of memtest and do complete reinstalls of the network devices, with freshly downloaded drivers.

I guess it'll take quite a while to fix this, seeing as the easiest way to repeat the conditions and make certain they occur are to leave the computer off for a few hours, preferrably over night.

writhziden · 22 Jan 2012

Pirazy said:

Well, I guess I could try uninstalling ESET and go back to having both wired and wireless activated at the same time and see what happends, if I'm not seeing any more BSODs then that should isolate ESET as the cause. And I can always reinstall it and continue with one of the connections disabled.

As for the network driver, I just used 'update driver' in the device manager. I knew gfx-drivers are picky and may have to be completely uninstalled before installing new ones but didn't know it also applied to other devices. And it's certainly a first for me that drivers are causing rampant BSODs. Oh well, tomorrow I'll run a couple of passes of memtest and do complete reinstalls of the network devices, with freshly downloaded drivers.

I guess it'll take quite a while to fix this, seeing as the easiest way to repeat the conditions and make certain they occur are to leave the computer off for a few hours, preferrably over night.

Good troubleshooting thoughts for ESET and the network devices. In regards to the network adapter drivers, my wireless driver is very hard to update at times, and I have had to uninstall and then install the latest afterward. Helped someone earlier today having the same trouble getting the wireless card to update; Windows kept saying that it was already at the latest even though it was not.

However long it takes is fine as long as it does not interfere with your ability to do your normal routine. We will be here to help through the process for as long as it takes. Keep us posted on your steps and the results, and also the result of the Memtests.

Due to all the components and software within a computer, the best we can do is help users to narrow down causes by eliminating possibilities one at a time. Appreciate your willingness to follow the troubleshooting steps to rule out causes. :)

Pirazy · 24 Jan 2012

Another day, another BSOD.

Uninstalled both devices yesterday, rebooted and updated their drivers to the most recent ones (couldn't do a fresh install with the new driver from the start because win7 insisted on installing them straight away using old drivers without asking permission).

When booting up today I got a BSOD, although this time win7 froze on the second boot when loading windows, during the animated logo, so the next boot windows performed tests and tried to repair various system files. Either it didn't find anything or it just couldn't repair what was broken because it only suggested a system restore, seeing as it didn't seem to think it was important to tell me when the last system restore point was made I skipped it.

I'll uninstall ESET later tonight and we'll see what happends tomorrow when I try another fresh boot.

EDIT: Can it be an IRQ-conflict? I had a look at the IRQ lists and I was surprised at how many devices shared an adress..

This can't be right, can it? There's like two-three devices sharing one adress in several instances, one of them being what I believe is the integrated audio which I've disabled in BIOS, that shouldn't even show up on this list, right? Or am I reading it wrong? This is practically chaos, shouldn't windows sound the alarm if I have this many conflicts?

writhziden · 24 Jan 2012

Pirazy said:

Another day, another BSOD.

Uninstalled both devices yesterday, rebooted and updated their drivers to the most recent ones (couldn't do a fresh install with the new driver from the start because win7 insisted on installing them straight away using old drivers without asking permission).

I'll uninstall ESET later tonight and we'll see what happends tomorrow when I try another fresh boot.

EDIT: Can it be an IRQ-conflict? I had a look at the IRQ lists and I was surprised at how many devices shared an adress..

This can't be right, can it? There's like two-three devices sharing one adress in several instances, one of them being what I believe is the integrated audio which I've disabled in BIOS, that shouldn't even show up on this list, right? Or am I reading it wrong? This is practically chaos, shouldn't windows sound the alarm if I have this many conflicts?

That is fine that Windows installed the driver automatically. If you wanted to prevent that, you would need to find all versions of the driver on your machine and change the name to *.sys.bak where * is the name of the driver. I do not think it is necessary to do so at this time.

It is also pretty standard procedure for those addresses to be shared. My computer has seven shared devices on 16, three on 17, three on 18, and six on 19. HD Audio is not the same as the integrated audio. It is usually a subset of another device, and it is most often part of the display card. To find out what device yours is a part of, check the hardware IDs through device manager: start menu -> right click computer/my computer -> manage -> device manager (from the list on the left) -> expand sound, video, and game controllers -> right click the hd audio device -> details tab -> change property to hardware ids. Search for the id online to determine what it is part of, or check through your devices using the same procedure to determine each device's hardware id.

Pirazy said:

When booting up today I got a BSOD, although this time win7 froze on the second boot when loading windows, during the animated logo, so the next boot windows performed tests and tried to repair various system files. Either it didn't find anything or it just couldn't repair what was broken because it only suggested a system restore, seeing as it didn't seem to think it was important to tell me when the last system restore point was made I skipped it.

You may have to run the Startup Repair up to three times to fully repair the startup process. See Startup Repair - Run 3 Separate Times for further reading on the subject.

Pirazy · 25 Jan 2012

Great news everyone!

Uninstalled ESET last night before going to bed, currently running wired with the dongle unplugged but still installed and I got a perfect boot. I'll leave things as is to see if it'll boot again tomorrow, after that I'll reinstall ESET and see if it'll bring back the BSODs.

Thanks for your help writhziden, looks like this one is about to work itself out.. unless I just jinxed it.

writhziden · 25 Jan 2012

That is great news, though I'm sorry to hear it might be ESET. Hopefully they'll help you troubleshoot their program if you confirm that it is their program.