Installed Antivirus:
Code:
ccsvchst.exe c:\program files (x86)\norton internet security\engine\19.5.0.145\ccsvchst.exe 1068 8 1024 10240 2/22/2012 5:50 PM 11.2.0.9 135.01 KB (138,248 bytes) 1/31/2012 10:34 AM
ccsvchst.exe c:\program files (x86)\norton internet security\engine\19.5.0.145\ccsvchst.exe 3780 8 1024 10240 2/22/2012 5:52 PM 11.2.0.9 135.01 KB (138,248 bytes) 1/31/2012 10:34 AM
Build:
Code:
6.1.7600 N/A Build 7600
Code:
-
Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [D:\Kingston\BSODDmpFiles\JC1\Windows_NT6_BSOD_jcgriff2\022212-43321-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7600 MP (8 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 7600.16841.amd64fre.win7_gdr.110622-1503
Machine Name:
Kernel base = 0xfffff800`02c4f000 PsLoadedModuleList = 0xfffff800`02e8ce70
Debug session time: Wed Feb 22 17:40:40.825 2012 (UTC - 7:00)
System Uptime: 0 days 0:39:02.965
Loading Kernel Symbols
...............................................................
................................................................
..............................
Loading User Symbols
Loading unloaded module list
..........
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 1E, {ffffffffc0000005, fffff80002fb43fa, 1, 18}
Probably caused by : ntkrnlmp.exe ( nt!ObpCreateHandle+29a )
Followup: MachineOwner
---------
4: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
KMODE_EXCEPTION_NOT_HANDLED (1e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Arguments:
Arg1: ffffffffc0000005, The exception code that was not handled
Arg2: fffff80002fb43fa, The address that the exception occurred at
Arg3: 0000000000000001, Parameter 0 of the exception
Arg4: 0000000000000018, Parameter 1 of the exception
Debugging Details:
------------------
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
FAULTING_IP:
nt!ObpCreateHandle+29a
fffff800`02fb43fa f0480fba6f1800 lock bts qword ptr [rdi+18h],0
EXCEPTION_PARAMETER1: 0000000000000001
EXCEPTION_PARAMETER2: 0000000000000018
WRITE_ADDRESS: GetPointerFromAddress: unable to read from fffff80002ef70e0
0000000000000018
ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
BUGCHECK_STR: 0x1E_c0000005
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
PROCESS_NAME: rundll32.exe
CURRENT_IRQL: 0
EXCEPTION_RECORD: fffff880035852a8 -- (.exr 0xfffff880035852a8)
ExceptionAddress: fffff80002fb43fa (nt!ObpCreateHandle+0x000000000000029a)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 0000000000000001
Parameter[1]: 0000000000000018
Attempt to write to address 0000000000000018
TRAP_FRAME: fffff88003585350 -- (.trap 0xfffff88003585350)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000000 rbx=0000000000000000 rcx=fffffa800552b680
rdx=00000000000f001f rsi=0000000000000000 rdi=0000000000000000
rip=fffff80002fb43fa rsp=fffff880035854e0 rbp=0000000000000000
r8=fffff8a0033010f0 r9=00000000000000e8 r10=0000000000000000
r11=fffff8a0033010a0 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei ng nz ac po nc
nt!ObpCreateHandle+0x29a:
fffff800`02fb43fa f0480fba6f1800 lock bts qword ptr [rdi+18h],0 ds:00000000`00000018=????????????????
Resetting default scope
LAST_CONTROL_TRANSFER: from fffff80002cf9919 to fffff80002cbf5c0
STACK_TEXT:
fffff880`03584ad8 fffff800`02cf9919 : 00000000`0000001e ffffffff`c0000005 fffff800`02fb43fa 00000000`00000001 : nt!KeBugCheckEx
fffff880`03584ae0 fffff800`02cbec02 : fffff880`035852a8 00000000`00000000 fffff880`03585350 fffffa80`0552b680 : nt!KiDispatchException+0x1b9
fffff880`03585170 fffff800`02cbd77a : 00000000`00000001 00000000`00000000 00000000`00000000 00000000`00000001 : nt!KiExceptionDispatch+0xc2
fffff880`03585350 fffff800`02fb43fa : 00000000`00000000 fffff880`03585530 fffffa80`0ab46060 fffff8a0`033010f0 : nt!KiPageFault+0x23a
fffff880`035854e0 fffff800`02facf1c : 00000000`00000000 fffff8a0`033010f0 00000000`000f001f fffff8a0`1221f000 : nt!ObpCreateHandle+0x29a
fffff880`035855f0 fffff800`02facd90 : fffffa80`05e0a170 fffff880`035859a0 fffffa80`06568c10 00000000`08000000 : nt!ObInsertObjectEx+0xec
fffff880`03585830 fffff800`02cbe813 : fffffa80`0552b680 fffff880`03585ad8 fffff880`035858c8 fffffa80`0aa8b280 : nt!NtCreateSection+0x1ef
fffff880`035858b0 fffff800`02cbadb0 : fffffa80`07264a76 fffff880`03585bc0 00000000`00000000 fffffa80`07268250 : nt!KiSystemServiceCopyEnd+0x13
fffff880`03585ab8 fffffa80`07264a76 : fffff880`03585bc0 00000000`00000000 fffffa80`07268250 fffffa80`0726b540 : nt!KiServiceLinkage
fffff880`03585ac0 fffff880`03585bc0 : 00000000`00000000 fffffa80`07268250 fffffa80`0726b540 fffffa80`00000002 : 0xfffffa80`07264a76
fffff880`03585ac8 00000000`00000000 : fffffa80`07268250 fffffa80`0726b540 fffffa80`00000002 00000000`08000000 : 0xfffff880`03585bc0
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!ObpCreateHandle+29a
fffff800`02fb43fa f0480fba6f1800 lock bts qword ptr [rdi+18h],0
SYMBOL_STACK_INDEX: 4
SYMBOL_NAME: nt!ObpCreateHandle+29a
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 4e02aa44
FAILURE_BUCKET_ID: X64_0x1E_c0000005_nt!ObpCreateHandle+29a
BUCKET_ID: X64_0x1E_c0000005_nt!ObpCreateHandle+29a
Followup: MachineOwner
---------
-
Loading Dump File [D:\Kingston\BSODDmpFiles\JC1\Windows_NT6_BSOD_jcgriff2\020812-30248-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7600 MP (8 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 7600.16841.amd64fre.win7_gdr.110622-1503
Machine Name:
Kernel base = 0xfffff800`02c1f000 PsLoadedModuleList = 0xfffff800`02e5ce70
Debug session time: Wed Feb 8 13:52:38.685 2012 (UTC - 7:00)
System Uptime: 0 days 1:58:05.841
Loading Kernel Symbols
...............................................................
................................................................
................................
Loading User Symbols
Loading unloaded module list
.......
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 7A, {20, ffffffffc000009d, fffffa8006ee9078, 0}
Probably caused by : ntkrnlmp.exe ( nt! ?? ::FNODOBFM::`string'+4c340 )
Followup: MachineOwner
---------
4: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
KERNEL_DATA_INPAGE_ERROR (7a)
The requested page of kernel data could not be read in. Typically caused by
a bad block in the paging file or disk controller error. Also see
KERNEL_STACK_INPAGE_ERROR.
If the error status is 0xC000000E, 0xC000009C, 0xC000009D or 0xC0000185,
it means the disk subsystem has experienced a failure.
If the error status is 0xC000009A, then it means the request failed because
a filesystem failed to make forward progress.
Arguments:
Arg1: 0000000000000020, lock type that was held (value 1,2,3, or PTE address)
Arg2: ffffffffc000009d, error status (normally i/o status code)
Arg3: fffffa8006ee9078, current process (virtual address for lock type 3, or PTE)
Arg4: 0000000000000000, virtual address that could not be in-paged (or PTE contents if arg1 is a PTE address)
Debugging Details:
------------------
ERROR_CODE: (NTSTATUS) 0xc000009d - STATUS_DEVICE_NOT_CONNECTED
DISK_HARDWARE_ERROR: There was error with disk hardware
BUGCHECK_STR: 0x7a_c000009d
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
PROCESS_NAME: System
CURRENT_IRQL: 1
LAST_CONTROL_TRANSFER: from fffff80002cc72dc to fffff80002c8f5c0
STACK_TEXT:
fffff880`035d9a88 fffff800`02cc72dc : 00000000`0000007a 00000000`00000020 ffffffff`c000009d fffffa80`06ee9078 : nt!KeBugCheckEx
fffff880`035d9a90 fffff800`02c794f7 : fffffa80`06ee9010 00000000`c000009d 00000000`00000000 fffffa80`06ee90a8 : nt! ?? ::FNODOBFM::`string'+0x4c340
fffff880`035d9b50 fffff800`02c6c007 : fffffa80`05522b60 fffffa80`05522bb0 00000000`00000000 fffffa80`00000204 : nt!IopCompletePageWrite+0x57
fffff880`035d9b80 fffff800`02c968ed : fffffa80`05522b60 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiDeliverApc+0x1d7
fffff880`035d9c00 fffff800`02cd6845 : 00000000`0000000c fffff880`009b7040 00000000`00000000 fffff800`02c299e0 : nt!KiCommitThreadWait+0x3dd
fffff880`035d9c90 fffff800`02c29a3a : fffffa80`05522b60 fffff880`00000008 00000000`00000001 fffffa80`054ef040 : nt!KeWaitForGate+0x101
fffff880`035d9ce0 fffff800`02f2f6fa : fffffa80`05522b60 4b744b74`5cd45cd4 00000000`00000080 00000000`00000001 : nt!MiModifiedPageWriter+0x5a
fffff880`035d9d40 fffff800`02c6db46 : fffff880`009b2180 fffffa80`05522b60 fffff880`009bd0c0 2e3f2e3f`c543c543 : nt!PspSystemThreadStartup+0x5a
fffff880`035d9d80 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x16
STACK_COMMAND: kb
FOLLOWUP_IP:
nt! ?? ::FNODOBFM::`string'+4c340
fffff800`02cc72dc cc int 3
SYMBOL_STACK_INDEX: 1
SYMBOL_NAME: nt! ?? ::FNODOBFM::`string'+4c340
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 4e02aa44
FAILURE_BUCKET_ID: X64_0x7a_c000009d_nt!_??_::FNODOBFM::_string_+4c340
BUCKET_ID: X64_0x7a_c000009d_nt!_??_::FNODOBFM::_string_+4c340
Followup: MachineOwner
---------
- Possible causes are Memory problems... Viruses... Corrupted hard disk file system... Corrupted System Files... Lack of Windows updates... Drivers...
Thanks to JMH for helping with my understanding of this crash. - Indicates there was a bad cluster on your hard disk.
We will start with the common problems first (see bold possible causes). Do the following steps and test after each step to see if stability increases. Post back your results after each step, and if you get a blue screen crash, upload the files again and await further instructions after we are able to analyze the crash.
- If you are overclocking any hardware, please stop.
- Run Disk Check with both boxes checked for all HDDs and with Automatically fix file system errors checked for all SSDs. Post back your logs for the checks after finding them using Check Disk (chkdsk) - Read Event Viewer Log
Run the hard disk diagnostics, preferably the long tests.
- Run SFC /SCANNOW Command - System File Checker up to three times to fix all errors. Post back if it continues to show errors after a fourth run or if the first run comes back with no integrity violations.
- Update to Service Pack 1 (SP1)
Links to Service Pack 1 (SP1) and preparation for SP1 courtesy of JMH