Some help with a mini dump analysis

I have had a few BSODs over the last few days and am totally lost as to what the cause is. Here is an example of one of the mini dump files.

Code:

Microsoft (R) Windows Debugger Version 6.11.0001.404 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Windows\Minidump\122709-18283-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*C:\SymCache*http://msdl.microsoft.com/download/symbols
Executable search path is: 
Windows 7 Kernel Version 7600 MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7600.16385.amd64fre.win7_rtm.090713-1255
Machine Name:
Kernel base = 0xfffff800`02a12000 PsLoadedModuleList = 0xfffff800`02c4fe50
Debug session time: Sun Dec 27 08:12:32.670 2009 (GMT-6)
System Uptime: 0 days 12:24:22.880
Loading Kernel Symbols
...............................................................
................................................................
........................................
Loading User Symbols
Loading unloaded module list
......
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 1A, {5003, fffff70001080000, 13d60, 137e700026fca}

Probably caused by : ntkrnlmp.exe ( nt! ?? ::FNODOBFM::`string'+21bc6 )

Followup: MachineOwner
---------

3: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

MEMORY_MANAGEMENT (1a)
    # Any other values for parameter 1 must be individually examined.
Arguments:
Arg1: 0000000000005003, The subtype of the bugcheck.
Arg2: fffff70001080000
Arg3: 0000000000013d60
Arg4: 000137e700026fca

Debugging Details:
------------------


BUGCHECK_STR:  0x1a_5003

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

PROCESS_NAME:  firefox.exe

CURRENT_IRQL:  0

LAST_CONTROL_TRANSFER:  from fffff80002aec536 to fffff80002a83f00

STACK_TEXT:  
fffff880`0baa0128 fffff800`02aec536 : 00000000`0000001a 00000000`00005003 fffff700`01080000 00000000`00013d60 : nt!KeBugCheckEx
fffff880`0baa0130 fffff800`02a9e82c : fffff680`0004d540 fffff880`0baa0200 00000000`00000000 ffffffff`ffffffff : nt! ?? ::FNODOBFM::`string'+0x21bc6
fffff880`0baa0180 fffff800`02a81fee : 00000000`00000001 00000000`ffffff07 00000000`0042ec01 00000000`00712d90 : nt!MmAccessFault+0xc4c
fffff880`0baa02e0 00000000`65ff25e1 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiPageFault+0x16e
00000000`0042ebc4 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x65ff25e1


STACK_COMMAND:  kb

FOLLOWUP_IP: 
nt! ?? ::FNODOBFM::`string'+21bc6
fffff800`02aec536 cc              int     3

SYMBOL_STACK_INDEX:  1

SYMBOL_NAME:  nt! ?? ::FNODOBFM::`string'+21bc6

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: nt

IMAGE_NAME:  ntkrnlmp.exe

DEBUG_FLR_IMAGE_TIMESTAMP:  4a5bc600

FAILURE_BUCKET_ID:  X64_0x1a_5003_nt!_??_::FNODOBFM::_string_+21bc6

BUCKET_ID:  X64_0x1a_5003_nt!_??_::FNODOBFM::_string_+21bc6

Followup: MachineOwner
---------

And one from yesterday:

Code:

Microsoft (R) Windows Debugger Version 6.11.0001.404 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Windows\Minidump\122609-37331-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*C:\SymCache*http://msdl.microsoft.com/download/symbols
Executable search path is: 
Windows 7 Kernel Version 7600 MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7600.16385.amd64fre.win7_rtm.090713-1255
Machine Name:
Kernel base = 0xfffff800`02a5b000 PsLoadedModuleList = 0xfffff800`02c98e50
Debug session time: Sat Dec 26 19:15:43.134 2009 (GMT-6)
System Uptime: 0 days 0:59:19.694
Loading Kernel Symbols
...............................................................
................................................................
........................................
Loading User Symbols
Loading unloaded module list
.....
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck C1, {fffff98018fd2fe0, fffff98018fd288c, 4b001c, 32}

Probably caused by : memory_corruption ( nt!MiCheckSpecialPoolSlop+83 )

Followup: MachineOwner
---------

0: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

SPECIAL_POOL_DETECTED_MEMORY_CORRUPTION (c1)
Special pool has detected memory corruption.  Typically the current thread's
stack backtrace will reveal the guilty party.
Arguments:
Arg1: fffff98018fd2fe0, address trying to free
Arg2: fffff98018fd288c, address where one bit is corrupted
Arg3: 00000000004b001c, (reserved)
Arg4: 0000000000000032, caller is freeing an address where nearby bytes within the same page have a single bit error

Debugging Details:
------------------


BUGCHECK_STR:  0xC1_32

SPECIAL_POOL_CORRUPTION_TYPE:  32

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  VERIFIER_ENABLED_VISTA_MINIDUMP

PROCESS_NAME:  digsby-app.exe

CURRENT_IRQL:  1

IRP_ADDRESS:  ffffffffffffff88

LAST_CONTROL_TRANSFER:  from fffff80002b5b593 to fffff80002accf00

STACK_TEXT:  
fffff880`06e3a6c8 fffff800`02b5b593 : 00000000`000000c1 fffff980`18fd2fe0 fffff980`18fd288c 00000000`004b001c : nt!KeBugCheckEx
fffff880`06e3a6d0 fffff800`02bd2613 : fffff880`00000003 fffffa80`0ae23b60 00000000`00000297 fffff800`02f5fdfe : nt!MiCheckSpecialPoolSlop+0x83
fffff880`06e3a710 fffff800`02bfe356 : fffff800`02a5b000 00000000`20206f49 00000000`001451bc fffffa80`0addbdb0 : nt!MmFreeSpecialPool+0x1d3
fffff880`06e3a840 fffff800`02aec56e : fffffa80`0ae23b60 fffff800`02ad2dda 00000000`00000001 00000000`00000000 : nt!ExFreePool+0x9f3
fffff880`06e3a8f0 fffff800`02aa992f : 00000000`00000000 00000000`00000000 fffffa80`0addbd00 fffff880`06e3ac60 : nt!IopCompleteRequest+0x5ce
fffff880`06e3a9c0 fffff800`02ad425d : fffff800`02c48fe0 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiDeliverApc+0x1d7
fffff880`06e3aa40 fffff800`02ad61af : 00000000`00000294 00000000`7efd8000 fffff880`0000006b 00000000`0424f118 : nt!KiCommitThreadWait+0x3dd
fffff880`06e3aad0 fffff800`02dc4ab2 : fffff880`06e3ac00 fffffa80`00000006 00000000`00000001 fffff800`02de4001 : nt!KeWaitForSingleObject+0x19f
fffff880`06e3ab70 fffff800`02acc153 : fffffa80`0ae23b60 00000000`00000000 fffff880`06e3abb8 fffffa80`0a2afbf0 : nt!NtWaitForSingleObject+0xb2
fffff880`06e3abe0 00000000`737f2dd9 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`0424f0f8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x737f2dd9


STACK_COMMAND:  kb

FOLLOWUP_IP: 
nt!MiCheckSpecialPoolSlop+83
fffff800`02b5b593 cc              int     3

SYMBOL_STACK_INDEX:  1

SYMBOL_NAME:  nt!MiCheckSpecialPoolSlop+83

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: nt

DEBUG_FLR_IMAGE_TIMESTAMP:  4a5bc600

IMAGE_NAME:  memory_corruption

FAILURE_BUCKET_ID:  X64_0xC1_32_VRF_nt!MiCheckSpecialPoolSlop+83

BUCKET_ID:  X64_0xC1_32_VRF_nt!MiCheckSpecialPoolSlop+83

Followup: MachineOwner
---------

Any suggestions on where to go next?

Capt Jack is of course correct.

Memory corruption is the probable cause.


just suggest you

1-run memtest for at least 5 passes

2- in sfc /scannow you give us results for you will have to run it more than once

misc
if you are overclocking STOP
if you are raid'ing update driver


Jump

Ken J+

here is the CBS log

usasma said:

Turn off Driver Verifier. It's purpose is to generate BSOD's:

Go to Start and type in "verifier" (without the quotes) and press Enter
In the next screen, select "Delete existing settings"
Then press the Finish button in the lower right

Thanks - thought I did that last night - but I'll do it again.