Antivirus Software? Recommend or the
Code:
-
Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [D:\Kingston\BSODDmpFiles\Mainer82\Windows_NT6_BSOD_jcgriff2\030312-34632-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*C:\SymCache*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506
Machine Name:
Kernel base = 0xfffff800`02c62000 PsLoadedModuleList = 0xfffff800`02ea7670
Debug session time: Sat Mar 3 13:20:38.925 2012 (UTC - 7:00)
System Uptime: 0 days 0:14:34.283
Loading Kernel Symbols
...............................................................
................................................................
.........
Loading User Symbols
Loading unloaded module list
....
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 1E, {ffffffffc0000005, 53040c70, 8, 53040c70}
Probably caused by : ntkrnlmp.exe ( nt! ?? ::FNODOBFM::`string'+4977d )
Followup: MachineOwner
---------
3: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
KMODE_EXCEPTION_NOT_HANDLED (1e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Arguments:
Arg1: ffffffffc0000005, The exception code that was not handled
Arg2: 0000000053040c70, The address that the exception occurred at
Arg3: 0000000000000008, Parameter 0 of the exception
Arg4: 0000000053040c70, Parameter 1 of the exception
Debugging Details:
------------------
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
FAULTING_IP:
+3435393333633564
00000000`53040c70 ?? ???
EXCEPTION_PARAMETER1: 0000000000000008
EXCEPTION_PARAMETER2: 0000000053040c70
WRITE_ADDRESS: GetPointerFromAddress: unable to read from fffff80002f11100
0000000053040c70
ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
BUGCHECK_STR: 0x1E_c0000005
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
PROCESS_NAME: dllhost.exe
CURRENT_IRQL: 0
TRAP_FRAME: fffff88005fb12e0 -- (.trap 0xfffff88005fb12e0)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000000 rbx=0000000000000000 rcx=0000000000000057
rdx=000000000000002c rsi=0000000000000000 rdi=0000000000000000
rip=0000000053040c70 rsp=fffff88005fb1478 rbp=fffff960002acc8c
r8=0000000000000028 r9=fffff88005fb1428 r10=fffffa80057c3550
r11=fffff88005fb1458 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl zr na po nc
00000000`53040c70 ?? ???
Resetting default scope
LAST_CONTROL_TRANSFER: from fffff80002d2a588 to fffff80002cdec40
STACK_TEXT:
fffff880`05fb0a58 fffff800`02d2a588 : 00000000`0000001e ffffffff`c0000005 00000000`53040c70 00000000`00000008 : nt!KeBugCheckEx
fffff880`05fb0a60 fffff800`02cde2c2 : fffff880`05fb1238 00000000`00000002 fffff880`05fb12e0 00000000`0c040c68 : nt! ?? ::FNODOBFM::`string'+0x4977d
fffff880`05fb1100 fffff800`02cdce3a : 00000000`00000008 00000000`53040c70 fffffa80`00000000 00000000`00000002 : nt!KiExceptionDispatch+0xc2
fffff880`05fb12e0 00000000`53040c70 : 00000000`0c040c68 00000000`00000002 fffff960`002acc8c 00000000`0c040c68 : nt!KiPageFault+0x23a
fffff880`05fb1478 00000000`0c040c68 : 00000000`00000002 fffff960`002acc8c 00000000`0c040c68 fffff800`02cdded3 : 0x53040c70
fffff880`05fb1480 00000000`00000002 : fffff960`002acc8c 00000000`0c040c68 fffff800`02cdded3 00000000`53040c70 : 0xc040c68
fffff880`05fb1488 fffff960`002acc8c : 00000000`0c040c68 fffff800`02cdded3 00000000`53040c70 fffff880`05fb1520 : 0x2
fffff880`05fb1490 00000000`0c040c68 : fffff800`02cdded3 00000000`53040c70 fffff880`05fb1520 fffff960`002acc8c : win32k!NtGdiCombineRgn
fffff880`05fb1498 fffff800`02cdded3 : 00000000`53040c70 fffff880`05fb1520 fffff960`002acc8c 00000000`00000002 : 0xc040c68
fffff880`05fb14a0 415d4130`c48348c3 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
90909090`909090ff fffff800`02cd6210 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x415d4130`c48348c3
fffff880`05fb1880 00000000`00000000 : 00000000`00000000 fffff900`c0755c20 fffff960`000f6ded fffff900`c0841fb0 : nt!KiCallUserMode
STACK_COMMAND: kb
FOLLOWUP_IP:
nt! ?? ::FNODOBFM::`string'+4977d
fffff800`02d2a588 cc int 3
SYMBOL_STACK_INDEX: 1
SYMBOL_NAME: nt! ?? ::FNODOBFM::`string'+4977d
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 4e02aaa3
FAILURE_BUCKET_ID: X64_0x1E_c0000005_nt!_??_::FNODOBFM::_string_+4977d
BUCKET_ID: X64_0x1E_c0000005_nt!_??_::FNODOBFM::_string_+4977d
Followup: MachineOwner
---------
-
Loading Dump File [D:\Kingston\BSODDmpFiles\Mainer82\Windows_NT6_BSOD_jcgriff2\030312-40107-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*C:\SymCache*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506
Machine Name:
Kernel base = 0xfffff800`02c4f000 PsLoadedModuleList = 0xfffff800`02e94670
Debug session time: Sat Mar 3 11:19:46.866 2012 (UTC - 7:00)
System Uptime: 0 days 0:35:32.850
Loading Kernel Symbols
...............................................................
................................................................
..........
Loading User Symbols
Loading unloaded module list
..............
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 1000007E, {ffffffffc0000005, fffff80002cdd1a7, fffff8800330f888, fffff8800330f0e0}
Probably caused by : memory_corruption ( nt!MiUnlinkPageFromLockedList+1d7 )
Followup: MachineOwner
---------
2: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M (1000007e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003. This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG. This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG. This will let us see why this breakpoint is
happening.
Arguments:
Arg1: ffffffffc0000005, The exception code that was not handled
Arg2: fffff80002cdd1a7, The address that the exception occurred at
Arg3: fffff8800330f888, Exception Record Address
Arg4: fffff8800330f0e0, Context Record Address
Debugging Details:
------------------
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
FAULTING_IP:
nt!MiUnlinkPageFromLockedList+1d7
fffff800`02cdd1a7 49890cc0 mov qword ptr [r8+rax*8],rcx
EXCEPTION_RECORD: fffff8800330f888 -- (.exr 0xfffff8800330f888)
ExceptionAddress: fffff80002cdd1a7 (nt!MiUnlinkPageFromLockedList+0x00000000000001d7)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 0000000000000000
Parameter[1]: ffffffffffffffff
Attempt to read from address ffffffffffffffff
CONTEXT: fffff8800330f0e0 -- (.cxr 0xfffff8800330f0e0)
rax=c8000000003e4e7c rbx=fffffa80000433e0 rcx=ffffffffffffffff
rdx=cc000000000a626a rsi=fffff80002e7dec0 rdi=2aaaaaaaaaaaaaab
rip=fffff80002cdd1a7 rsp=fffff8800330fac0 rbp=0000000000000000
r8=fffffa8000000008 r9=0000000000000000 r10=0000000000000002
r11=0000000000000000 r12=0000058000000000 r13=0000000000000000
r14=0000000000000001 r15=0000000000000001
iopl=0 ov up ei ng nz ac pe nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010a92
nt!MiUnlinkPageFromLockedList+0x1d7:
fffff800`02cdd1a7 49890cc0 mov qword ptr [r8+rax*8],rcx ds:002b:3ffffa80`01f273e8=????????????????
Resetting default scope
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
PROCESS_NAME: System
CURRENT_IRQL: 2
ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
EXCEPTION_PARAMETER1: 0000000000000000
EXCEPTION_PARAMETER2: ffffffffffffffff
READ_ADDRESS: GetPointerFromAddress: unable to read from fffff80002efe100
ffffffffffffffff
FOLLOWUP_IP:
nt!MiUnlinkPageFromLockedList+1d7
fffff800`02cdd1a7 49890cc0 mov qword ptr [r8+rax*8],rcx
BUGCHECK_STR: 0x7E
LAST_CONTROL_TRANSFER: from fffff80002d05266 to fffff80002cdd1a7
STACK_TEXT:
fffff880`0330fac0 fffff800`02d05266 : 00000000`de268800 fffffa80`034bbca0 00000000`de268800 00000000`de268800 : nt!MiUnlinkPageFromLockedList+0x1d7
fffff880`0330fb50 fffff800`02d05858 : 00000000`00000000 fffffa80`03a27860 fffffa80`00000000 fffff8a0`0891c000 : nt!MiGatherMappedPages+0x5be
fffff880`0330fc50 fffff800`02f66fee : fffffa80`03706a30 00000000`00000080 fffffa80`0366d890 00000000`00000000 : nt!MiMappedPageWriter+0x198
fffff880`0330fd40 fffff800`02cbd5e6 : fffff880`02fd3180 fffffa80`03706a30 fffff880`02fddfc0 00000000`00000000 : nt!PspSystemThreadStartup+0x5a
fffff880`0330fd80 00000000`00000000 : fffff880`03310000 fffff880`0330a000 fffff880`0330f8d0 00000000`00000000 : nt!KxStartSystemThread+0x16
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: nt!MiUnlinkPageFromLockedList+1d7
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
DEBUG_FLR_IMAGE_TIMESTAMP: 4e02aaa3
STACK_COMMAND: .cxr 0xfffff8800330f0e0 ; kb
IMAGE_NAME: memory_corruption
FAILURE_BUCKET_ID: X64_0x7E_nt!MiUnlinkPageFromLockedList+1d7
BUCKET_ID: X64_0x7E_nt!MiUnlinkPageFromLockedList+1d7
Followup: MachineOwner
---------
- Possible causes are Memory problems... Viruses... Corrupted hard disk file system... Corrupted System Files... Lack of Windows updates... Drivers...
Thanks to JMH for helping with my understanding of this crash. - Possible causes are Memory problems... BIOS... Corrupted hard disk file system... Corrupted System Files... Lack of Windows updates... Drivers...
Thanks to Dave76 for help understanding possible causes.
We will start with the common problems first (see bold possible causes). Do the following steps and test by doing your normal routine after each step to see if stability increases (the memory tests you can run concurrently as they will not increase stability unless you are forced to move modules around). Post back your results after each step, and if you get a blue screen crash, upload the files again and await further instructions after we are able to analyze the crash.
If you can do your normal routine for a few weeks without a crash, and your crashes are usually more frequent than that, then the problem is likely solved.
- If you are overclocking any hardware, please stop.
- Run the boot version of Memtest86+ paying close attention to Parts 2 and 3 of the tutorial. Also, in case Memtest86+ misses anything and comes up with no errors, run the extended version of the Windows Memory Diagnostics Tool for at least five passes. These you may want to run overnight since they take a long time to complete (run them an hour before bed each of the next two nights and check before going to sleep that they are still running).
If you swap any memory components, follow these steps for ESD safety:
- Shut down and turn off your computer.
- Unplug all power supplies to the computer (AC Power then battery for laptops, AC power for desktops)
- Hold down the power button for 30 seconds to close the circuit and ensure all power drains from components.
- Make sure you are grounded by using proper grounding techniques, i.e. work on an anti-static workbench, anti-static desk, or an anti-static pad. Hold something metallic while touching it to the anti-static surface, or use an anti-static wristband to attach to the anti-static material while working.
Once these steps have been followed, it is safe to remove and replace components within your computer.
- An underlying driver may be incompatible\conflicting with your system. Run Driver Verifier to find any issues. To run Driver Verifier, do the following:
a.
Backup your system and user files
b.
Create a system restore point
c. If you do not have a Windows 7 DVD,
Create a system repair disc
d. Run
Driver Verifier
If Windows cannot start in normal mode with driver verifier running, start in safe mode. If it cannot start in safe mode or normal mode, restore the system restore point using
System Restore OPTION TWO.
Thanks to zigzag3143 for contributing to the Verifier steps.
If you are unable to start Windows with all drivers being verified or if the blue screen crashes fail to create .dmp files, run them in groups of 5 or 10 until you find a group that causes blue screen crashes and stores the blue screen .dmp files.
The idea with Verifier is to cause the system to crash, so do the things you normally do that cause crashes. After you have a few crashes, upload the crash reports for us to take a look and try to find patterns.