New
#1
System Crash - Please Help Decipher Attached Minidump 082414-38984-01
Am attaching Mini Kernel Dump File for a crash that occurred 08/24/2014 @ 00:09:20.938. This crash came when using a System Repair Disk to force a system restore to date: 08/15/2014 (Note: The normal Action Center "Backup and Restore" function could not complete the "Restore" process to any previous date.)
**************************************************************************
Microsoft (R) Windows Debugger Version 6.3.9600.17200 X86
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Windows\Minidump\082414-38984-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
************* Symbol Path validation summary **************
ResponseTime (ms)Location
DeferredSRV*k:\crash symbols*http://msdl.microsoft.com/download/symbols
Symbol search path is: SRV*k:\crash symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.18409.x86fre.win7sp1_gdr.140303-2144
Machine Name:
Kernel base = 0x8204b000 PsLoadedModuleList = 0x821945b0
Debug session time: Sun Aug 24 00:09:20.938 2014 (UTC - 7:00)
System Uptime: 0 days 1:34:24.209
Loading Kernel Symbols
...............................................................
................................................................
........................................
Loading User Symbols
Loading unloaded module list
..........
*******************************************************************************
**
*Bugcheck Analysis*
**
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck A, {8bd0c898, 2, 1, 820c1479}
Unable to load image \??\C:\Windows\System32\drivers\GUBootStartup.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for GUBootStartup.sys
*** ERROR: Module load completed but symbols could not be loaded for GUBootStartup.sys
Probably caused by : GUBootStartup.sys ( GUBootStartup+bfa )
Followup: MachineOwner
---------
0: kd> !analyze -v
*******************************************************************************
**
*Bugcheck Analysis*
**
*******************************************************************************
IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high.This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: 8bd0c898, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000001, bitfield :
bit 0 : value 0 = read operation, 1 = write operation
bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: 820c1479, address which referenced memory
Debugging Details:
------------------
WRITE_ADDRESS: GetPointerFromAddress: unable to read from 821b484c
Unable to read MiSystemVaType memory at 82193f00
8bd0c898
CURRENT_IRQL:2
FAULTING_IP:
nt!KeWaitForSingleObject+27d
820c1479 f00fba2807lock bts dword ptr [eax],7
CUSTOMER_CRASH_COUNT:1
DEFAULT_BUCKET_ID:WIN7_DRIVER_FAULT
BUGCHECK_STR:0xA
PROCESS_NAME:SearchFilterHo
ANALYSIS_VERSION: 6.3.9600.17237 (debuggers(dbg).140716-0327) x86fre
TRAP_FRAME:8bed2b54 -- (.trap 0xffffffff8bed2b54)
ErrCode = 00000003
eax=8bd0c898 ebx=8bd0c898 ecx=85400da8 edx=00000000 esi=85400d48 edi=85400e08
eip=820c1479 esp=8bed2bc8 ebp=8bed2c28 iopl=0nv up ei pl zr na pe nc
cs=0008ss=0010ds=0023es=0023fs=0030gs=0000efl=00010246
nt!KeWaitForSingleObject+0x27d:
820c1479 f00fba2807lock bts dword ptr [eax],7ds:0023:8bd0c898=00080002
Resetting default scope
LAST_CONTROL_TRANSFER:from 820c1479 to 8208bb7f
STACK_TEXT:
8bed2b54 820c1479 badb0d00 00000000 00000110 nt!KiTrap0E+0x1b3
8bed2c28 8d70ebfa 8bd0c898 00000000 00000000 nt!KeWaitForSingleObject+0x27d
WARNING: Stack unwind information not available. Following frames may be wrong.
8bed2c54 822a6bdf 00000e6c 00000838 00000000 GUBootStartup+0xbfa
8bed2c80 822b49bc 00000001 01a97570 c23e509a nt!PspExitProcess+0xa3
8bed2cfc 822a6fa4 00000000 ffffffff 0018fc6c nt!PspExitThread+0x59a
8bed2d24 820888c6 ffffffff 00000000 0018fc78 nt!NtTerminateProcess+0x1fa
8bed2d24 77f070f4 ffffffff 00000000 0018fc78 nt!KiSystemServicePostCall
0018fc78 00000000 00000000 00000000 00000000 0x77f070f4
STACK_COMMAND:kb
FOLLOWUP_IP:
GUBootStartup+bfa
8d70ebfa ?????
SYMBOL_STACK_INDEX:2
SYMBOL_NAME:GUBootStartup+bfa
FOLLOWUP_NAME:MachineOwner
MODULE_NAME: GUBootStartup
IMAGE_NAME:GUBootStartup.sys
DEBUG_FLR_IMAGE_TIMESTAMP:53a79743
FAILURE_BUCKET_ID:0xA_GUBootStartup+bfa
BUCKET_ID:0xA_GUBootStartup+bfa
ANALYSIS_SOURCE:KM
FAILURE_ID_HASH_STRING:km:0xa_gubootstartup+bfa
FAILURE_ID_HASH:{2e2e0771-3cc0-715a-38ce-e223a12dec45}
Followup: MachineOwner
---------
0: kd> .trap 0xffffffff8bed2b54
ErrCode = 00000003
eax=8bd0c898 ebx=8bd0c898 ecx=85400da8 edx=00000000 esi=85400d48 edi=85400e08
eip=820c1479 esp=8bed2bc8 ebp=8bed2c28 iopl=0nv up ei pl zr na pe nc
cs=0008ss=0010ds=0023es=0023fs=0030gs=0000efl=00010246
nt!KeWaitForSingleObject+0x27d:
820c1479 f00fba2807lock bts dword ptr [eax],7ds:0023:8bd0c898=00080002
0: kd> lmvm GUBootStartup
startendmodule name
8d70e000 8d710400GUBootStartup T (no symbols)
Loaded symbol image file: GUBootStartup.sys
Image path: \??\C:\Windows\System32\drivers\GUBootStartup.sys
Image name: GUBootStartup.sys
Timestamp:Sun Jun 22 19:56:03 2014 (53A79743)
CheckSum:00009D66
ImageSize:00002400
Translations:0000.04b0 0000.04e4 0409.04b0 0409.04e4