BSOD Memory _Management - Win 7 Professional 64 bit SP1

Discussion in 'Software' started by chi_kigirl, Jul 18, 2011.

  1. chi_kigirl

    chi_kigirl Private E-2

    Hi,

    I am really hoping someone here can help me.

    The symptoms: I am getting BSOD notifications. It seems to occur when I try to install anything i.e. new software, updates etc. Sometimes it occurs just on startup when I've made no changes to windows. It does not happy every time but currently 3/5 attempts to start it blue screens. It usually cites Memory_Management and does a minidump. Sometimes during startup the pc gets past the windows logo screen, appears to be starting normally and then restarts itself before getting the desktop up.

    I am using windows 7 professional ed. 64 bit. SP 1.
    Below is the minidump info I collected:



    Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64
    Copyright (c) Microsoft Corporation. All rights reserved.


    Loading Dump File [C:\Windows\Minidump\071611-13494-01.dmp]
    Mini Kernel Dump File: Only registers and stack trace are available

    Symbol search path is: C:\Windows\Symbols
    Executable search path is:
    Unable to load image \SystemRoot\system32\ntoskrnl.exe, Win32 error 0n2
    *** WARNING: Unable to verify timestamp for ntoskrnl.exe
    Windows 7 Kernel Version 7601 (Service Pack 1) MP (12 procs) Free x64
    Product: WinNt, suite: TerminalServer SingleUserTS
    Built by: 7601.17592.amd64fre.win7sp1_gdr.110408-1631
    Machine Name:
    Kernel base = 0xfffff800`02e5f000 PsLoadedModuleList = 0xfffff800`030a4650
    Debug session time: Sat Jul 16 17:38:11.300 2011 (UTC - 5:00)
    System Uptime: 0 days 0:03:04.610
    Unable to load image \SystemRoot\system32\ntoskrnl.exe, Win32 error 0n2
    *** WARNING: Unable to verify timestamp for ntoskrnl.exe
    Loading Kernel Symbols
    ...............................................................
    ................................................................
    ..............................
    Loading User Symbols
    Loading unloaded module list
    ....
    *******************************************************************************
    * *
    * Bugcheck Analysis *
    * *
    *******************************************************************************

    Use !analyze -v to get detailed debugging information.

    BugCheck 1A, {41790, fffffa80064ff5c0, ffff, 0}

    Probably caused by : memory_corruption ( nt!MiFreeContiguousPages+40 )

    Followup: MachineOwner
    ---------

    11: kd> analyze -v
    *** WARNING: Unable to verify timestamp for kdcom.dll
    *** WARNING: Unable to verify timestamp for hal.dll
    *** WARNING: Unable to verify timestamp for volmgrx.sys
    *** ERROR: Module load completed but symbols could not be loaded for volmgrx.sys
    *** WARNING: Unable to verify timestamp for mcupdate_GenuineIntel.dll
    *** ERROR: Module load completed but symbols could not be loaded for mcupdate_GenuineIntel.dll
    *** WARNING: Unable to verify timestamp for PSHED.dll
    *** ERROR: Module load completed but symbols could not be loaded for PSHED.dll
    *** WARNING: Unable to verify timestamp for CLFS.SYS
    *** WARNING: Unable to verify timestamp for CI.dll
    *** ERROR: Module load completed but symbols could not be loaded for CI.dll
    *** WARNING: Unable to verify timestamp for jraid.sys
    *** ERROR: Module load completed but symbols could not be loaded for jraid.sys
    *** WARNING: Unable to verify timestamp for Wdf01000.sys
    *** ERROR: Module load completed but symbols could not be loaded for Wdf01000.sys
    *** WARNING: Unable to verify timestamp for WDFLDR.SYS
    *** ERROR: Module load completed but symbols could not be loaded for WDFLDR.SYS
    *** WARNING: Unable to verify timestamp for ACPI.sys
    *** WARNING: Unable to verify timestamp for WMILIB.SYS
    *** WARNING: Unable to verify timestamp for msisadrv.sys
    *** ERROR: Module load completed but symbols could not be loaded for msisadrv.sys
    *** WARNING: Unable to verify timestamp for pci.sys
    *** WARNING: Unable to verify timestamp for vdrvroot.sys
    *** ERROR: Module load completed but symbols could not be loaded for vdrvroot.sys
    *** WARNING: Unable to verify timestamp for partmgr.sys
    *** WARNING: Unable to verify timestamp for volmgr.sys
    *** ERROR: Module load completed but symbols could not be loaded for volmgr.sys
    *** WARNING: Unable to verify timestamp for pciide.sys
    *** WARNING: Unable to verify timestamp for PCIIDEX.SYS
    *** WARNING: Unable to verify timestamp for msrpc.sys
    *** ERROR: Module load completed but symbols could not be loaded for msrpc.sys
    *** WARNING: Unable to verify timestamp for cng.sys
    *** ERROR: Module load completed but symbols could not be loaded for cng.sys
    *** WARNING: Unable to verify timestamp for SCSIPORT.SYS
    *** WARNING: Unable to verify timestamp for mountmgr.sys
    *** WARNING: Unable to verify timestamp for atapi.sys
    *** WARNING: Unable to verify timestamp for ataport.SYS
    *** ERROR: Module load completed but symbols could not be loaded for ataport.SYS
    *** WARNING: Unable to verify timestamp for amdxata.sys
    *** ERROR: Module load completed but symbols could not be loaded for amdxata.sys
    *** WARNING: Unable to verify timestamp for fltmgr.sys
    *** WARNING: Unable to verify timestamp for fileinfo.sys
    *** ERROR: Module load completed but symbols could not be loaded for fileinfo.sys
    *** WARNING: Unable to verify timestamp for Fs_Rec.sys
    *** WARNING: Unable to verify timestamp for Ntfs.sys
    *** WARNING: Unable to verify timestamp for ksecdd.sys
    *** WARNING: Unable to verify timestamp for pcw.sys
    *** ERROR: Module load completed but symbols could not be loaded for pcw.sys
    *** WARNING: Unable to verify timestamp for ksecpkg.sys
    *** ERROR: Module load completed but symbols could not be loaded for ksecpkg.sys
    *** WARNING: Unable to verify timestamp for cdrom.sys
    *** WARNING: Unable to verify timestamp for ks.sys
    *** WARNING: Unable to verify timestamp for ndis.sys
    *** WARNING: Unable to verify timestamp for NETIO.SYS
    *** ERROR: Module load completed but symbols could not be loaded for NETIO.SYS
    *** WARNING: Unable to verify timestamp for umbus.sys
    *** ERROR: Module load completed but symbols could not be loaded for umbus.sys
    *** WARNING: Unable to verify timestamp for nusb3hub.sys
    *** ERROR: Module load completed but symbols could not be loaded for nusb3hub.sys
    *** WARNING: Unable to verify timestamp for tcpip.sys
    *** WARNING: Unable to verify timestamp for fwpkclnt.sys
    *** ERROR: Module load completed but symbols could not be loaded for fwpkclnt.sys
    *** WARNING: Unable to verify timestamp for vmstorfl.sys
    *** ERROR: Module load completed but symbols could not be loaded for vmstorfl.sys
    *** WARNING: Unable to verify timestamp for volsnap.sys
    *** WARNING: Unable to verify timestamp for spldr.sys
    *** ERROR: Module load completed but symbols could not be loaded for spldr.sys
    *** WARNING: Unable to verify timestamp for rdyboost.sys
    *** ERROR: Module load completed but symbols could not be loaded for rdyboost.sys
    *** WARNING: Unable to verify timestamp for mup.sys
    *** WARNING: Unable to verify timestamp for hwpolicy.sys
    *** ERROR: Module load completed but symbols could not be loaded for hwpolicy.sys
    *** WARNING: Unable to verify timestamp for fvevol.sys
    *** ERROR: Module load completed but symbols could not be loaded for fvevol.sys
    *** WARNING: Unable to verify timestamp for disk.sys
    *** WARNING: Unable to verify timestamp for CLASSPNP.SYS
    *** WARNING: Unable to verify timestamp for raspptp.sys
    *** WARNING: Unable to verify timestamp for mouclass.sys
    *** WARNING: Unable to verify timestamp for aswSnx.SYS
    *** ERROR: Module load completed but symbols could not be loaded for aswSnx.SYS
    *** WARNING: Unable to verify timestamp for Null.SYS
    *** WARNING: Unable to verify timestamp for Beep.SYS
    *** WARNING: Unable to verify timestamp for vga.sys
    *** WARNING: Unable to verify timestamp for VIDEOPRT.SYS
    *** WARNING: Unable to verify timestamp for watchdog.sys
    *** WARNING: Unable to verify timestamp for RDPCDD.sys
    *** WARNING: Unable to verify timestamp for rdpencdd.sys
    *** ERROR: Module load completed but symbols could not be loaded for rdpencdd.sys
    *** WARNING: Unable to verify timestamp for rdprefmp.sys
    *** ERROR: Module load completed but symbols could not be loaded for rdprefmp.sys
    *** WARNING: Unable to verify timestamp for Msfs.SYS
    *** WARNING: Unable to verify timestamp for Npfs.SYS
    *** WARNING: Unable to verify timestamp for tdx.sys
    *** ERROR: Module load completed but symbols could not be loaded for tdx.sys
    *** WARNING: Unable to verify timestamp for TDI.SYS
    *** WARNING: Unable to verify timestamp for aswTdi.SYS
    *** ERROR: Module load completed but symbols could not be loaded for aswTdi.SYS
    *** WARNING: Unable to verify timestamp for rasl2tp.sys
    *** WARNING: Unable to verify timestamp for ndiswan.sys
    *** WARNING: Unable to verify timestamp for rassstp.sys
    *** ERROR: Module load completed but symbols could not be loaded for rassstp.sys
    *** WARNING: Unable to verify timestamp for pacer.sys
    *** ERROR: Module load completed but symbols could not be loaded for pacer.sys
    *** WARNING: Unable to verify timestamp for vwififlt.sys
    *** ERROR: Module load completed but symbols could not be loaded for vwififlt.sys
    *** WARNING: Unable to verify timestamp for netbios.sys
    *** WARNING: Unable to verify timestamp for wanarp.sys
    *** WARNING: Unable to verify timestamp for termdd.sys
    *** WARNING: Unable to verify timestamp for SASKUTIL64.SYS
    *** ERROR: Module load completed but symbols could not be loaded for SASKUTIL64.SYS
    *** WARNING: Unable to verify timestamp for SASDIFSV64.SYS
    *** ERROR: Module load completed but symbols could not be loaded for SASDIFSV64.SYS
    *** WARNING: Unable to verify timestamp for rdbss.sys
    *** WARNING: Unable to verify timestamp for nsiproxy.sys
    *** ERROR: Module load completed but symbols could not be loaded for nsiproxy.sys
    *** WARNING: Unable to verify timestamp for mssmbios.sys
    *** WARNING: Unable to verify timestamp for afd.sys
    *** WARNING: Unable to verify timestamp for aswRdr.SYS
    *** ERROR: Module load completed but symbols could not be loaded for aswRdr.SYS
    *** WARNING: Unable to verify timestamp for netbt.sys
    *** WARNING: Unable to verify timestamp for wfplwf.sys
    *** ERROR: Module load completed but symbols could not be loaded for wfplwf.sys
    *** WARNING: Unable to verify timestamp for discache.sys
    *** ERROR: Module load completed but symbols could not be loaded for discache.sys
    *** WARNING: Unable to verify timestamp for kbdclass.sys
    *** WARNING: Unable to verify timestamp for nusb3xhc.sys
    *** ERROR: Module load completed but symbols could not be loaded for nusb3xhc.sys
    *** WARNING: Unable to verify timestamp for USBD.SYS
    *** WARNING: Unable to verify timestamp for atikmpag.sys
    *** ERROR: Module load completed but symbols could not be loaded for atikmpag.sys
    *** WARNING: Unable to verify timestamp for AgileVpn.sys
    *** ERROR: Module load completed but symbols could not be loaded for AgileVpn.sys
    *** WARNING: Unable to verify timestamp for csc.sys
    *** ERROR: Module load completed but symbols could not be loaded for csc.sys
    *** WARNING: Unable to verify timestamp for dfsc.sys
    *** ERROR: Module load completed but symbols could not be loaded for dfsc.sys
    *** WARNING: Unable to verify timestamp for blbdrive.sys
    *** ERROR: Module load completed but symbols could not be loaded for blbdrive.sys
    *** WARNING: Unable to verify timestamp for aswSP.SYS
    *** ERROR: Module load completed but symbols could not be loaded for aswSP.SYS
    *** WARNING: Unable to verify timestamp for AppleCharger.sys
    *** ERROR: Module load completed but symbols could not be loaded for AppleCharger.sys
    *** WARNING: Unable to verify timestamp for tunnel.sys
    *** ERROR: Module load completed but symbols could not be loaded for tunnel.sys
    *** WARNING: Unable to verify timestamp for intelppm.sys
    *** WARNING: Unable to verify timestamp for raspppoe.sys
    *** WARNING: Unable to verify timestamp for usbehci.sys
    *** WARNING: Unable to verify timestamp for wmiacpi.sys
    *** WARNING: Unable to verify timestamp for CompositeBus.sys
    *** ERROR: Module load completed but symbols could not be loaded for CompositeBus.sys
    *** WARNING: Unable to verify timestamp for dxgkrnl.sys
    *** ERROR: Module load completed but symbols could not be loaded for dxgkrnl.sys
    *** WARNING: Unable to verify timestamp for dxgmms1.sys
    *** ERROR: Module load completed but symbols could not be loaded for dxgmms1.sys
    *** WARNING: Unable to verify timestamp for HDAudBus.sys
    *** WARNING: Unable to verify timestamp for usbuhci.sys
    *** WARNING: Unable to verify timestamp for USBPORT.SYS
    *** WARNING: Unable to verify timestamp for ndistapi.sys
    *** WARNING: Unable to verify timestamp for swenum.sys
    *** WARNING: Unable to verify timestamp for usbhub.sys
    *** WARNING: Unable to verify timestamp for NDProxy.SYS
    *** WARNING: Unable to verify timestamp for AtihdW76.sys
    *** ERROR: Module load completed but symbols could not be loaded for AtihdW76.sys
    *** WARNING: Unable to verify timestamp for portcls.sys
    *** WARNING: Unable to verify timestamp for drmk.sys
    *** ERROR: Module load completed but symbols could not be loaded for drmk.sys
    *** WARNING: Unable to verify timestamp for ksthunk.sys
    *** WARNING: Unable to verify timestamp for nwifi.sys
    *** ERROR: Module load completed but symbols could not be loaded for nwifi.sys
    *** WARNING: Unable to verify timestamp for Rt64win7.sys
    *** ERROR: Module load completed but symbols could not be loaded for Rt64win7.sys
    *** WARNING: Unable to verify timestamp for 1394ohci.sys
    *** ERROR: Module load completed but symbols could not be loaded for 1394ohci.sys
    *** WARNING: Unable to verify timestamp for atikmdag.sys
    *** ERROR: Module load completed but symbols could not be loaded for atikmdag.sys
    *** WARNING: Unable to verify timestamp for rdpbus.sys
    *** ERROR: Module load completed but symbols could not be loaded for rdpbus.sys
    *** WARNING: Unable to verify timestamp for mrxsmb.sys
    *** WARNING: Unable to verify timestamp for mrxsmb10.sys
    *** ERROR: Module load completed but symbols could not be loaded for mrxsmb10.sys
    *** WARNING: Unable to verify timestamp for mrxsmb20.sys
    *** ERROR: Module load completed but symbols could not be loaded for mrxsmb20.sys
    *** WARNING: Unable to verify timestamp for HTTP.sys
    *** WARNING: Unable to verify timestamp for bowser.sys
    *** ERROR: Module load completed but symbols could not be loaded for bowser.sys
    *** WARNING: Unable to verify timestamp for mpsdrv.sys
    *** ERROR: Module load completed but symbols could not be loaded for mpsdrv.sys
    *** WARNING: Unable to verify timestamp for RTKVHD64.sys
    *** ERROR: Module load completed but symbols could not be loaded for RTKVHD64.sys
    *** WARNING: Unable to verify timestamp for usbccgp.sys
    *** WARNING: Unable to verify timestamp for hidusb.sys
    *** WARNING: Unable to verify timestamp for HIDCLASS.SYS
    *** WARNING: Unable to verify timestamp for HIDPARSE.SYS
    *** WARNING: Unable to verify timestamp for mouhid.sys
    *** WARNING: Unable to verify timestamp for kbdhid.sys
    *** WARNING: Unable to verify timestamp for Dxapi.sys
    *** WARNING: Unable to verify timestamp for crashdmp.sys
    *** ERROR: Module load completed but symbols could not be loaded for crashdmp.sys
    *** WARNING: Unable to verify timestamp for dump_diskdump.sys
    *** ERROR: Module load completed but symbols could not be loaded for dump_diskdump.sys
    *** WARNING: Unable to verify timestamp for dump_JRAID.sys
    *** ERROR: Module load completed but symbols could not be loaded for dump_JRAID.sys
    *** WARNING: Unable to verify timestamp for dump_dumpfve.sys
    *** ERROR: Module load completed but symbols could not be loaded for dump_dumpfve.sys
    *** WARNING: Unable to verify timestamp for monitor.sys
    *** ERROR: Module load completed but symbols could not be loaded for monitor.sys
    *** WARNING: Unable to verify timestamp for luafv.sys
    *** ERROR: Module load completed but symbols could not be loaded for luafv.sys
    *** WARNING: Unable to verify timestamp for aswMonFlt.sys
    *** ERROR: Module load completed but symbols could not be loaded for aswMonFlt.sys
    *** WARNING: Unable to verify timestamp for aswFsBlk.SYS
    *** ERROR: Module load completed but symbols could not be loaded for aswFsBlk.SYS
    *** WARNING: Unable to verify timestamp for WudfPf.sys
    *** ERROR: Module load completed but symbols could not be loaded for WudfPf.sys
    *** WARNING: Unable to verify timestamp for lltdio.sys
    *** ERROR: Module load completed but symbols could not be loaded for lltdio.sys
    *** WARNING: Unable to verify timestamp for ndisuio.sys
    *** WARNING: Unable to verify timestamp for rspndr.sys
    *** ERROR: Module load completed but symbols could not be loaded for rspndr.sys
    *** WARNING: Unable to verify timestamp for rikvm_9EC60124.sys
    *** ERROR: Module load completed but symbols could not be loaded for rikvm_9EC60124.sys
    *** WARNING: Unable to verify timestamp for peauth.sys
    *** ERROR: Module load completed but symbols could not be loaded for peauth.sys
    *** WARNING: Unable to verify timestamp for secdrv.SYS
    *** ERROR: Module load completed but symbols could not be loaded for secdrv.SYS
    *** WARNING: Unable to verify timestamp for srvnet.sys
    *** ERROR: Module load completed but symbols could not be loaded for srvnet.sys
    *** WARNING: Unable to verify timestamp for tcpipreg.sys
    *** ERROR: Module load completed but symbols could not be loaded for tcpipreg.sys
    *** WARNING: Unable to verify timestamp for srv2.sys
    *** ERROR: Module load completed but symbols could not be loaded for srv2.sys
    *** WARNING: Unable to verify timestamp for srv.sys
    *** WARNING: Unable to verify timestamp for spsys.sys
    *** ERROR: Module load completed but symbols could not be loaded for spsys.sys
    *** WARNING: Unable to verify timestamp for asyncmac.sys
    *** WARNING: Unable to verify timestamp for win32k.sys
    *** WARNING: Unable to verify timestamp for TSDDD.dll
    *** WARNING: Unable to verify timestamp for cdd.dll
    *** ERROR: Module load completed but symbols could not be loaded for cdd.dll
    *** WARNING: Unable to verify timestamp for ATMFD.DLL
    *** ERROR: Module load completed but symbols could not be loaded for ATMFD.DLL
    Couldn't resolve error at 'nalyze -v'


    Also attaching the boot log:

    Service Pack 1 7 18 2011 10:45:41.111
    Loaded driver \SystemRoot\system32\ntoskrnl.exe
    Loaded driver \SystemRoot\system32\hal.dll
    Loaded driver \SystemRoot\system32\kdcom.dll
    Loaded driver \SystemRoot\system32\mcupdate_GenuineIntel.dll
    Loaded driver \SystemRoot\system32\PSHED.dll
    Loaded driver \SystemRoot\system32\CLFS.SYS
    Loaded driver \SystemRoot\system32\CI.dll
    Loaded driver \SystemRoot\system32\drivers\Wdf01000.sys
    Loaded driver \SystemRoot\system32\drivers\WDFLDR.SYS
    Loaded driver \SystemRoot\system32\drivers\ACPI.sys
    Loaded driver \SystemRoot\system32\drivers\WMILIB.SYS
    Loaded driver \SystemRoot\system32\drivers\msisadrv.sys
    Loaded driver \SystemRoot\system32\drivers\pci.sys
    Loaded driver \SystemRoot\system32\drivers\vdrvroot.sys
    Loaded driver \SystemRoot\System32\drivers\partmgr.sys
    Loaded driver \SystemRoot\system32\drivers\volmgr.sys
    Loaded driver \SystemRoot\System32\drivers\volmgrx.sys
    Loaded driver \SystemRoot\system32\drivers\pciide.sys
    Loaded driver \SystemRoot\system32\drivers\PCIIDEX.SYS
    Loaded driver \SystemRoot\system32\DRIVERS\jraid.sys
    Loaded driver \SystemRoot\system32\DRIVERS\SCSIPORT.SYS
    Loaded driver \SystemRoot\System32\drivers\mountmgr.sys
    Loaded driver \SystemRoot\system32\drivers\atapi.sys
    Loaded driver \SystemRoot\system32\drivers\ataport.SYS
    Loaded driver \SystemRoot\system32\drivers\amdxata.sys
    Loaded driver \SystemRoot\system32\drivers\fltmgr.sys
    Loaded driver \SystemRoot\system32\drivers\fileinfo.sys
    Loaded driver \SystemRoot\System32\Drivers\Ntfs.sys
    Loaded driver \SystemRoot\System32\Drivers\msrpc.sys
    Loaded driver \SystemRoot\System32\Drivers\ksecdd.sys
    Loaded driver \SystemRoot\System32\Drivers\cng.sys
    Loaded driver \SystemRoot\System32\drivers\pcw.sys
    Loaded driver \SystemRoot\System32\Drivers\Fs_Rec.sys
    Loaded driver \SystemRoot\system32\drivers\ndis.sys
    Loaded driver \SystemRoot\system32\drivers\NETIO.SYS
    Loaded driver \SystemRoot\System32\Drivers\ksecpkg.sys
    Loaded driver \SystemRoot\System32\drivers\tcpip.sys
    Loaded driver \SystemRoot\System32\drivers\fwpkclnt.sys
    Loaded driver \SystemRoot\system32\drivers\vmstorfl.sys
    Loaded driver \SystemRoot\system32\drivers\volsnap.sys
    Loaded driver \SystemRoot\System32\Drivers\spldr.sys
    Loaded driver \SystemRoot\System32\drivers\rdyboost.sys
    Loaded driver \SystemRoot\System32\Drivers\mup.sys
    Loaded driver \SystemRoot\System32\drivers\hwpolicy.sys
    Loaded driver \SystemRoot\System32\DRIVERS\fvevol.sys
    Loaded driver \SystemRoot\system32\drivers\disk.sys
    Loaded driver \SystemRoot\system32\drivers\CLASSPNP.SYS
    Loaded driver \SystemRoot\system32\DRIVERS\cdrom.sys
    Loaded driver \SystemRoot\System32\Drivers\aswSnx.SYS
    Loaded driver \SystemRoot\System32\Drivers\Null.SYS
    Loaded driver \SystemRoot\System32\Drivers\Beep.SYS
    Loaded driver \SystemRoot\System32\drivers\vga.sys
    Loaded driver \SystemRoot\System32\DRIVERS\RDPCDD.sys
    Loaded driver \SystemRoot\system32\drivers\rdpencdd.sys
    Loaded driver \SystemRoot\system32\drivers\rdprefmp.sys
    Loaded driver \SystemRoot\System32\Drivers\Msfs.SYS
    Loaded driver \SystemRoot\System32\Drivers\Npfs.SYS
    Loaded driver \SystemRoot\system32\DRIVERS\tdx.sys
    Loaded driver \SystemRoot\System32\Drivers\aswTdi.SYS
    Loaded driver \SystemRoot\system32\drivers\afd.sys
    Loaded driver \SystemRoot\System32\Drivers\aswRdr.SYS
    Loaded driver \SystemRoot\System32\DRIVERS\netbt.sys
    Loaded driver \SystemRoot\system32\DRIVERS\wfplwf.sys
    Loaded driver \SystemRoot\system32\DRIVERS\pacer.sys
    Loaded driver \SystemRoot\system32\DRIVERS\vwififlt.sys
    Loaded driver \SystemRoot\system32\DRIVERS\netbios.sys
    Loaded driver \SystemRoot\system32\DRIVERS\wanarp.sys
    Loaded driver \SystemRoot\system32\DRIVERS\termdd.sys
    Loaded driver \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
    Loaded driver \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
    Loaded driver \SystemRoot\system32\DRIVERS\rdbss.sys
    Loaded driver \SystemRoot\system32\drivers\nsiproxy.sys
    Loaded driver \SystemRoot\system32\DRIVERS\mssmbios.sys
    Loaded driver \SystemRoot\System32\drivers\discache.sys
    Loaded driver \SystemRoot\system32\drivers\csc.sys
    Loaded driver \SystemRoot\System32\Drivers\dfsc.sys
    Loaded driver \SystemRoot\system32\DRIVERS\blbdrive.sys
    Loaded driver \SystemRoot\System32\Drivers\aswSP.SYS
    Loaded driver \SystemRoot\system32\DRIVERS\AppleCharger.sys
    Loaded driver \SystemRoot\system32\DRIVERS\tunnel.sys
    Loaded driver \SystemRoot\system32\DRIVERS\intelppm.sys
    Loaded driver \SystemRoot\system32\DRIVERS\nusb3xhc.sys
    Loaded driver \SystemRoot\system32\DRIVERS\atikmdag.sys
    Loaded driver \SystemRoot\System32\drivers\dxgkrnl.sys
    Loaded driver \SystemRoot\system32\DRIVERS\atikmpag.sys
    Loaded driver \SystemRoot\system32\DRIVERS\HDAudBus.sys
    Loaded driver \SystemRoot\system32\DRIVERS\usbuhci.sys
    Loaded driver \SystemRoot\system32\DRIVERS\usbehci.sys
    Loaded driver \SystemRoot\system32\DRIVERS\Rt64win7.sys
    Loaded driver \SystemRoot\system32\DRIVERS\1394ohci.sys
    Loaded driver \SystemRoot\system32\DRIVERS\wmiacpi.sys
    Loaded driver \SystemRoot\system32\DRIVERS\CompositeBus.sys
    Loaded driver \SystemRoot\system32\DRIVERS\AgileVpn.sys
    Loaded driver \SystemRoot\system32\DRIVERS\rasl2tp.sys
    Loaded driver \SystemRoot\system32\DRIVERS\ndistapi.sys
    Loaded driver \SystemRoot\system32\DRIVERS\ndiswan.sys
    Loaded driver \SystemRoot\system32\DRIVERS\raspppoe.sys
    Loaded driver \SystemRoot\system32\DRIVERS\raspptp.sys
    Loaded driver \SystemRoot\system32\DRIVERS\rassstp.sys
    Loaded driver \SystemRoot\system32\DRIVERS\rdpbus.sys
    Loaded driver \SystemRoot\system32\DRIVERS\kbdclass.sys
    Loaded driver \SystemRoot\system32\DRIVERS\mouclass.sys
    Loaded driver \SystemRoot\system32\DRIVERS\swenum.sys
    Loaded driver \SystemRoot\system32\DRIVERS\umbus.sys
    Loaded driver \SystemRoot\system32\DRIVERS\nusb3hub.sys
    Did not load driver \SystemRoot\System32\drivers\vga.sys
    Loaded driver \SystemRoot\system32\DRIVERS\usbhub.sys
    Loaded driver \SystemRoot\System32\Drivers\NDProxy.SYS
    Did not load driver \SystemRoot\System32\Drivers\NDProxy.SYS
    Did not load driver \SystemRoot\System32\Drivers\NDProxy.SYS
    Did not load driver \SystemRoot\System32\Drivers\NDProxy.SYS
    Did not load driver \SystemRoot\System32\Drivers\NDProxy.SYS
    Loaded driver \SystemRoot\system32\drivers\AtihdW76.sys
    Loaded driver \SystemRoot\system32\drivers\ksthunk.sys
    Loaded driver \SystemRoot\system32\drivers\RTKVHD64.sys
    Loaded driver \SystemRoot\system32\DRIVERS\usbccgp.sys
    Loaded driver \SystemRoot\system32\DRIVERS\hidusb.sys
    Loaded driver \SystemRoot\system32\DRIVERS\mouhid.sys
    Loaded driver \SystemRoot\system32\DRIVERS\kbdhid.sys
    Loaded driver \SystemRoot\system32\drivers\usbaudio.sys
    Loaded driver \SystemRoot\System32\Drivers\usbvideo.sys
    Loaded driver \SystemRoot\system32\DRIVERS\monitor.sys
    Loaded driver \SystemRoot\system32\drivers\luafv.sys
    Loaded driver \??\C:\Windows\system32\drivers\aswMonFlt.sys
    Loaded driver \SystemRoot\System32\Drivers\aswFsBlk.SYS
    Loaded driver \SystemRoot\system32\drivers\WudfPf.sys
    Loaded driver \SystemRoot\system32\DRIVERS\lltdio.sys
    Loaded driver \SystemRoot\system32\DRIVERS\nwifi.sys
    Loaded driver \SystemRoot\system32\DRIVERS\ndisuio.sys
    Loaded driver \SystemRoot\system32\DRIVERS\rspndr.sys
    Loaded driver \SystemRoot\system32\drivers\HTTP.sys
    Loaded driver \SystemRoot\system32\DRIVERS\bowser.sys
    Loaded driver \SystemRoot\System32\drivers\mpsdrv.sys
    Loaded driver \SystemRoot\system32\DRIVERS\mrxsmb.sys
    Loaded driver \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    Loaded driver \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    Loaded driver \??\C:\Windows\system32\Drivers\rikvm_9EC60124.sys
    Did not load driver \??\C:\Windows\SysWow64\drivers\pdihwctl.sys
    Loaded driver \SystemRoot\system32\drivers\peauth.sys
    Loaded driver \SystemRoot\System32\Drivers\secdrv.SYS
    Loaded driver \SystemRoot\System32\DRIVERS\srvnet.sys
    Loaded driver \SystemRoot\System32\drivers\tcpipreg.sys
    Loaded driver \SystemRoot\System32\DRIVERS\srv2.sys
    Loaded driver \SystemRoot\System32\DRIVERS\srv.sys
    Did not load driver \SystemRoot\System32\DRIVERS\srv.sys
    Loaded driver \SystemRoot\system32\DRIVERS\asyncmac.sys




    If anyone here could shed some light I'd be very grateful. Please let me know if there is anything else I could add to this post that would be helpful in analyzing.

    Thanks
    Sho
     
    chi_kigirl, Jul 18, 2011
    #1
  2. plodr

    plodr Major Geek Super Extraordinaire

    Test your RAM. I can't recommend what to use because the test I use is for x86 computers and you are running a 64bit OS.
     
    plodr, Jul 18, 2011
    #2
  3. satrow

    satrow Major Geek Extraordinaire

    Hi,

    There is a problem with your debugger settings. Can you copy the minidump to your Desktop, zip then attach it please, I'll try to debug it further.

    While you wait for me to do that, please download MemTest86+ and create a CD from the ISO to boot from and run memory tests as plodr suggests; 7 full runs should be enough to show any errors. When booting from a diagnostic CD, 32-bit is fine :)
     
    satrow, Jul 18, 2011
    #3
  4. chi_kigirl

    chi_kigirl Private E-2

    Thanks for your help guys. It is very much appreciated.

    satrow, I have attached a zip file containing the minidump file.

    The one I referenced here in this post is dated 07-16-2011. I was looking though the earlier minidumps and am unsure if these other dumps contain helpful info. They don't all reference memory corruption as being the problem. e.g some reference Ntfs.sys as the cause.

    In the meantime as you suggest I will run the memory test tonight as see what happens.
     

    Attached Files:

    chi_kigirl, Jul 19, 2011
    #4
  5. thisisu

    thisisu Malware Consultant

    I'm suspecting malware.. but I always seem to suspect this :(
     
    thisisu, Jul 19, 2011
    #5
  6. chi_kigirl

    chi_kigirl Private E-2

    Guys,

    I ran the memory test last night. Did 8 passes. No errors.

    Sho
     
    chi_kigirl, Jul 19, 2011
    #6
  7. satrow

    satrow Major Geek Extraordinaire

    MEMORY_MANAGEMENT (1a), most recent first:
    Code:
    Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Windows\Minidump\071611-13494-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is: 
Windows 7 Kernel Version 7601 (Service Pack 1) MP (12 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.17592.amd64fre.win7sp1_gdr.110408-1631
Machine Name:
Kernel base = 0xfffff800`02e5f000 PsLoadedModuleList = 0xfffff800`030a4650
Debug session time: Sat Jul 16 23:38:11.300 2011 (UTC + 1:00)
System Uptime: 0 days 0:03:04.610
Loading Kernel Symbols
...............................................................
................................................................
..............................
Loading User Symbols
Loading unloaded module list
....
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 1A, {41790, fffffa80064ff5c0, ffff, 0}

Probably caused by : ntkrnlmp.exe ( nt! ?? ::FNODOBFM::`string'+360e8 )

Followup: MachineOwner
---------

11: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

MEMORY_MANAGEMENT (1a)
    # Any other values for parameter 1 must be individually examined.
Arguments:
Arg1: 0000000000041790, The subtype of the bugcheck.
Arg2: fffffa80064ff5c0
Arg3: 000000000000ffff
Arg4: 0000000000000000

Debugging Details:
------------------


BUGCHECK_STR:  0x1a_41790

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

PROCESS_NAME:  LogonUI.exe

CURRENT_IRQL:  0

LAST_CONTROL_TRANSFER:  from fffff80002f4cf08 to fffff80002eded00

STACK_TEXT:  
fffff880`0af93fb8 fffff800`02f4cf08 : 00000000`0000001a 00000000`00041790 fffffa80`064ff5c0 00000000`0000ffff : nt!KeBugCheckEx
fffff880`0af93fc0 fffff800`02eb0606 : fffffa80`0bbe3560 fffffa80`00000000 fffff8a0`00000bd6 fffff880`00000000 : nt! ?? ::FNODOBFM::`string'+0x360e8
fffff880`0af94870 fffff800`031b420a : fffff8a0`02d565f0 fffff880`0af94c20 00000000`00000000 fffffa80`0a553810 : nt!MmCleanProcessAddressSpace+0x96
fffff880`0af948c0 fffff800`0319951d : 00000000`000000ff 00000000`00000001 000007ff`fffde000 fffffa80`0bedf640 : nt!PspExitThread+0x56a
fffff880`0af949c0 fffff800`02ed247a : fffffa80`0bbe3560 fffff8a0`088cbd00 00000000`00000000 fffff800`031821bf : nt!PsExitSpecialApc+0x1d
fffff880`0af949f0 fffff800`02ed27c0 : 00000000`0023e720 fffff880`0af94a70 fffff800`03199490 00000000`00000001 : nt!KiDeliverApc+0x2ca
fffff880`0af94a70 fffff800`02ede037 : fffffa80`0a553810 00000000`0023e608 fffff880`0af94bc8 fffff800`031d5bc4 : nt!KiInitiateUserApc+0x70
fffff880`0af94bb0 00000000`771618ca : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceExit+0x9c
00000000`0023e5e8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x771618ca


STACK_COMMAND:  kb

FOLLOWUP_IP: 
nt! ?? ::FNODOBFM::`string'+360e8
fffff800`02f4cf08 cc              int     3

SYMBOL_STACK_INDEX:  1

SYMBOL_NAME:  nt! ?? ::FNODOBFM::`string'+360e8

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: nt

IMAGE_NAME:  ntkrnlmp.exe

DEBUG_FLR_IMAGE_TIMESTAMP:  4d9fdd5b

FAILURE_BUCKET_ID:  X64_0x1a_41790_nt!_??_::FNODOBFM::_string_+360e8

BUCKET_ID:  X64_0x1a_41790_nt!_??_::FNODOBFM::_string_+360e8

Followup: MachineOwner
---------


Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Windows\Minidump\071411-13681-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is: 
Windows 7 Kernel Version 7601 (Service Pack 1) MP (12 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.17592.amd64fre.win7sp1_gdr.110408-1631
Machine Name:
Kernel base = 0xfffff800`02e00000 PsLoadedModuleList = 0xfffff800`03045650
Debug session time: Fri Jul 15 03:09:06.564 2011 (UTC + 1:00)
System Uptime: 0 days 0:00:31.874
Loading Kernel Symbols
...............................................................
................................................................
........................
Loading User Symbols
Loading unloaded module list
....
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 1A, {41790, fffffa8007c28a60, ffff, 0}

Probably caused by : ntkrnlmp.exe ( nt! ?? ::FNODOBFM::`string'+360e8 )

Followup: MachineOwner
---------

6: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

MEMORY_MANAGEMENT (1a)
    # Any other values for parameter 1 must be individually examined.
Arguments:
Arg1: 0000000000041790, The subtype of the bugcheck.
Arg2: fffffa8007c28a60
Arg3: 000000000000ffff
Arg4: 0000000000000000

Debugging Details:
------------------


BUGCHECK_STR:  0x1a_41790

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

PROCESS_NAME:  LSSrvc.exe

CURRENT_IRQL:  0

LAST_CONTROL_TRANSFER:  from fffff80002eedf08 to fffff80002e7fd00

STACK_TEXT:  
fffff880`06312198 fffff800`02eedf08 : 00000000`0000001a 00000000`00041790 fffffa80`07c28a60 00000000`0000ffff : nt!KeBugCheckEx
fffff880`063121a0 fffff800`02e51606 : fffffa80`0b81c060 fffffa80`00000000 fffff8a0`00000028 00000000`00000000 : nt! ?? ::FNODOBFM::`string'+0x360e8
fffff880`06312a50 fffff800`0315520a : fffff8a0`028004d0 00000000`00000001 00000000`00000000 fffffa80`0b820230 : nt!MmCleanProcessAddressSpace+0x96
fffff880`06312aa0 fffff800`0313887c : 00000000`c0000005 00000000`00000001 00000000`7efdb000 00000000`00000000 : nt!PspExitThread+0x56a
fffff880`06312ba0 fffff800`02e7ef93 : fffffa80`0b81c060 00000000`c0000005 fffffa80`0b820230 ffffffff`ffffffff : nt!NtTerminateProcess+0x138
fffff880`06312c20 00000000`776c15da : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`0008e318 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x776c15da


STACK_COMMAND:  kb

FOLLOWUP_IP: 
nt! ?? ::FNODOBFM::`string'+360e8
fffff800`02eedf08 cc              int     3

SYMBOL_STACK_INDEX:  1

SYMBOL_NAME:  nt! ?? ::FNODOBFM::`string'+360e8

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: nt

IMAGE_NAME:  ntkrnlmp.exe

DEBUG_FLR_IMAGE_TIMESTAMP:  4d9fdd5b

FAILURE_BUCKET_ID:  X64_0x1a_41790_nt!_??_::FNODOBFM::_string_+360e8

BUCKET_ID:  X64_0x1a_41790_nt!_??_::FNODOBFM::_string_+360e8

Followup: MachineOwner
---------

Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Windows\Minidump\071011-13712-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is: 
Windows 7 Kernel Version 7601 (Service Pack 1) MP (12 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.17592.amd64fre.win7sp1_gdr.110408-1631
Machine Name:
Kernel base = 0xfffff800`02e58000 PsLoadedModuleList = 0xfffff800`0309d650
Debug session time: Sun Jul 10 17:49:29.893 2011 (UTC + 1:00)
System Uptime: 0 days 0:00:21.202
Loading Kernel Symbols
...............................................................
................................................................
..............................
Loading User Symbols
Loading unloaded module list
....
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 1A, {41790, fffffa8007b63ba0, ffff, 0}

Probably caused by : ntkrnlmp.exe ( nt! ?? ::FNODOBFM::`string'+36024 )

Followup: MachineOwner
---------

4: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

MEMORY_MANAGEMENT (1a)
    # Any other values for parameter 1 must be individually examined.
Arguments:
Arg1: 0000000000041790, The subtype of the bugcheck.
Arg2: fffffa8007b63ba0
Arg3: 000000000000ffff
Arg4: 0000000000000000

Debugging Details:
------------------


BUGCHECK_STR:  0x1a_41790

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

PROCESS_NAME:  avast.setup

CURRENT_IRQL:  0

LAST_CONTROL_TRANSFER:  from fffff80002f45e40 to fffff80002ed7d00

STACK_TEXT:  
fffff880`07cef958 fffff800`02f45e40 : 00000000`0000001a 00000000`00041790 fffffa80`07b63ba0 00000000`0000ffff : nt!KeBugCheckEx
fffff880`07cef960 fffff800`02ec517f : fffffa80`00000000 00000000`02b50fff 00000000`00000000 00000000`00000000 : nt! ?? ::FNODOBFM::`string'+0x36024
fffff880`07cefb20 fffff800`02ed6f93 : ffffffff`ffffffff 00000000`001ddcc0 00000000`001ddcb8 00000000`00008000 : nt!NtFreeVirtualMemory+0x61f
fffff880`07cefc20 00000000`771b14fa : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`001ddc88 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x771b14fa


STACK_COMMAND:  kb

FOLLOWUP_IP: 
nt! ?? ::FNODOBFM::`string'+36024
fffff800`02f45e40 cc              int     3

SYMBOL_STACK_INDEX:  1

SYMBOL_NAME:  nt! ?? ::FNODOBFM::`string'+36024

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: nt

IMAGE_NAME:  ntkrnlmp.exe

DEBUG_FLR_IMAGE_TIMESTAMP:  4d9fdd5b

FAILURE_BUCKET_ID:  X64_0x1a_41790_nt!_??_::FNODOBFM::_string_+36024

BUCKET_ID:  X64_0x1a_41790_nt!_??_::FNODOBFM::_string_+36024

Followup: MachineOwner
---------


Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Windows\Minidump\070811-14835-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is: 
Windows 7 Kernel Version 7601 (Service Pack 1) MP (12 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.17592.amd64fre.win7sp1_gdr.110408-1631
Machine Name:
Kernel base = 0xfffff800`02e05000 PsLoadedModuleList = 0xfffff800`0304a650
Debug session time: Fri Jul  8 17:50:19.066 2011 (UTC + 1:00)
System Uptime: 0 days 0:00:20.375
Loading Kernel Symbols
...............................................................
................................................................
................
Loading User Symbols
Loading unloaded module list
....
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 1A, {41790, fffffa8007af5800, ffff, 0}

Probably caused by : ntkrnlmp.exe ( nt! ?? ::FNODOBFM::`string'+360e8 )

Followup: MachineOwner
---------

11: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

MEMORY_MANAGEMENT (1a)
    # Any other values for parameter 1 must be individually examined.
Arguments:
Arg1: 0000000000041790, The subtype of the bugcheck.
Arg2: fffffa8007af5800
Arg3: 000000000000ffff
Arg4: 0000000000000000

Debugging Details:
------------------


BUGCHECK_STR:  0x1a_41790

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

PROCESS_NAME:  setup.ovr

CURRENT_IRQL:  0

LAST_CONTROL_TRANSFER:  from fffff80002ef2f08 to fffff80002e84d00

STACK_TEXT:  
fffff880`06338198 fffff800`02ef2f08 : 00000000`0000001a 00000000`00041790 fffffa80`07af5800 00000000`0000ffff : nt!KeBugCheckEx
fffff880`063381a0 fffff800`02e56606 : fffffa80`0ab67060 fffffa80`00000000 fffff8a0`00000262 00000000`00000000 : nt! ?? ::FNODOBFM::`string'+0x360e8
fffff880`06338a50 fffff800`0315a20a : fffff8a0`01edc940 00000000`00000001 00000000`00000000 fffffa80`0aba6060 : nt!MmCleanProcessAddressSpace+0x96
fffff880`06338aa0 fffff800`0313d87c : 00000000`20000011 00000000`00000001 00000000`7efdb000 00000000`00000000 : nt!PspExitThread+0x56a
fffff880`06338ba0 fffff800`02e83f93 : fffffa80`0ab67060 00000000`20000011 fffffa80`0aba6060 00000000`00000000 : nt!NtTerminateProcess+0x138
fffff880`06338c20 00000000`772215da : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`005bdda8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x772215da


STACK_COMMAND:  kb

FOLLOWUP_IP: 
nt! ?? ::FNODOBFM::`string'+360e8
fffff800`02ef2f08 cc              int     3

SYMBOL_STACK_INDEX:  1

SYMBOL_NAME:  nt! ?? ::FNODOBFM::`string'+360e8

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: nt

IMAGE_NAME:  ntkrnlmp.exe

DEBUG_FLR_IMAGE_TIMESTAMP:  4d9fdd5b

FAILURE_BUCKET_ID:  X64_0x1a_41790_nt!_??_::FNODOBFM::_string_+360e8

BUCKET_ID:  X64_0x1a_41790_nt!_??_::FNODOBFM::_string_+360e8

Followup: MachineOwner
---------


Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Windows\Minidump\062611-13962-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is: 
Windows 7 Kernel Version 7601 (Service Pack 1) MP (12 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.17592.amd64fre.win7sp1_gdr.110408-1631
Machine Name:
Kernel base = 0xfffff800`02e56000 PsLoadedModuleList = 0xfffff800`0309b650
Debug session time: Sun Jun 26 19:36:40.872 2011 (UTC + 1:00)
System Uptime: 0 days 0:00:13.793
Loading Kernel Symbols
...............................................................
................................................................
.......
Loading User Symbols
Loading unloaded module list
....
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 1A, {41790, fffffa8008404fe0, ffff, 0}

Probably caused by : win32k.sys ( win32k!EngUnmapFontFileFD+8a )

Followup: MachineOwner
---------

1: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

MEMORY_MANAGEMENT (1a)
    # Any other values for parameter 1 must be individually examined.
Arguments:
Arg1: 0000000000041790, The subtype of the bugcheck.
Arg2: fffffa8008404fe0
Arg3: 000000000000ffff
Arg4: 0000000000000000

Debugging Details:
------------------


BUGCHECK_STR:  0x1a_41790

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

PROCESS_NAME:  csrss.exe

CURRENT_IRQL:  0

LAST_CONTROL_TRANSFER:  from fffff80002f43e40 to fffff80002ed5d00

STACK_TEXT:  
fffff880`072621f8 fffff800`02f43e40 : 00000000`0000001a 00000000`00041790 fffffa80`08404fe0 00000000`0000ffff : nt!KeBugCheckEx
fffff880`07262200 fffff800`02f095d9 : 00000000`00000000 00000000`02889fff fffff900`00000000 fffff900`c008e80c : nt! ?? ::FNODOBFM::`string'+0x36024
fffff880`072623c0 fffff800`031ec8b1 : fffffa80`0afa3a00 00000000`00000000 fffffa80`0af819a0 fffffa80`0af819a0 : nt!MiRemoveMappedView+0xd9
fffff880`072624e0 fffff960`001185fe : fffff900`00000000 fffff900`c008b3c8 00000000`00000001 00000000`00000001 : nt!MiUnmapViewOfSection+0x1b1
fffff880`072625a0 fffff960`0011a675 : fffff900`c008b3c0 fffffa80`0afae980 fffff900`c008b3c0 00000000`00000001 : win32k!EngUnmapFontFileFD+0x8a
fffff880`07262600 fffff960`000b4e96 : fffff900`c0081000 fffff900`c0081000 00000000`00000021 00000000`00000104 : win32k!PUBLIC_PFTOBJ::bLoadFonts+0x915
fffff880`07262730 fffff960`000b4ce4 : 00000000`00000000 fffff900`c0091bb0 fffff900`c0099f90 00000000`0000007f : win32k!PUBLIC_PFTOBJ::bLoadAFont+0xa6
fffff880`072627b0 fffff960`000b4a1a : fffff8a0`011343e8 00000000`00000015 fffffa80`00000000 00000000`ffffffff : win32k!ParseFontLinkEntry+0x3a8
fffff880`07262870 fffff800`032093ec : fffff8a0`011343a2 fffff8a0`011343e4 fffff8a0`011343e8 fffff960`00387660 : win32k!BuildAndLoadLinkedFontRoutine+0x9e
fffff880`072628b0 fffff800`03210bd0 : 00000000`c0000023 00000000`00000000 fffff960`00387660 00000000`00000000 : nt! ?? ::NNGAKEGL::`string'+0x13eb1
fffff880`07262930 fffff960`000b6a74 : 00000000`00000208 fffff900`c0097df0 fffff900`c0088700 00000000`00000000 : nt! ?? ::NNGAKEGL::`string'+0x236c4
fffff880`07262a00 fffff960`000b68ac : 00000000`00000000 00000000`00000208 00000000`00000088 00000000`0000007f : win32k!BuildAndLoadLinkedFontRoutine+0x140
fffff880`07262a40 fffff960`000b6609 : 00000000`00000000 fffff880`07262ca0 00000000`00000048 00000000`00000000 : win32k!BuildAndLoadLinkedFontRoutine+0x3c8
fffff880`07262ae0 fffff960`000b5772 : 00000000`000004e4 fffff880`072601b5 00000000`000030fb 00000000`00000000 : win32k!bInitializeEUDC+0x1b9
fffff880`07262b30 fffff960`000b5830 : fffffa80`00000000 ffffffff`80000294 fffffa80`0a0f8b30 000007fe`fd48e740 : win32k!InitializeGreCSRSS+0x292
fffff880`07262be0 fffff800`02ed4f93 : fffffa80`0adc1b60 00000000`001f0003 00000000`00000007 00000000`0028f8d8 : win32k!NtUserInitialize+0xa0
fffff880`07262c20 000007fe`fd4239fa : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`0028f858 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x7fe`fd4239fa


STACK_COMMAND:  kb

FOLLOWUP_IP: 
win32k!EngUnmapFontFileFD+8a
fffff960`001185fe 48837c242800    cmp     qword ptr [rsp+28h],0

SYMBOL_STACK_INDEX:  4

SYMBOL_NAME:  win32k!EngUnmapFontFileFD+8a

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: win32k

IMAGE_NAME:  win32k.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  4de066b3

FAILURE_BUCKET_ID:  X64_0x1a_41790_win32k!EngUnmapFontFileFD+8a

BUCKET_ID:  X64_0x1a_41790_win32k!EngUnmapFontFileFD+8a

Followup: MachineOwner
---------


Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Windows\Minidump\061011-20061-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is: 
Windows 7 Kernel Version 7601 (Service Pack 1) MP (12 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.17592.amd64fre.win7sp1_gdr.110408-1631
Machine Name:
Kernel base = 0xfffff800`02e4b000 PsLoadedModuleList = 0xfffff800`03090650
Debug session time: Fri Jun 10 18:21:52.817 2011 (UTC + 1:00)
System Uptime: 0 days 0:03:27.127
Loading Kernel Symbols
...............................................................
................................................................
.................................
Loading User Symbols
Loading unloaded module list
....
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 1A, {41790, fffffa8006fbf640, ffff, 0}

Probably caused by : ntkrnlmp.exe ( nt! ?? ::FNODOBFM::`string'+360e8 )

Followup: MachineOwner
---------

10: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

MEMORY_MANAGEMENT (1a)
    # Any other values for parameter 1 must be individually examined.
Arguments:
Arg1: 0000000000041790, The subtype of the bugcheck.
Arg2: fffffa8006fbf640
Arg3: 000000000000ffff
Arg4: 0000000000000000

Debugging Details:
------------------


BUGCHECK_STR:  0x1a_41790

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

PROCESS_NAME:  svchost.exe

CURRENT_IRQL:  0

LAST_CONTROL_TRANSFER:  from fffff80002f38f08 to fffff80002ecad00

STACK_TEXT:  
fffff880`0b327fb8 fffff800`02f38f08 : 00000000`0000001a 00000000`00041790 fffffa80`06fbf640 00000000`0000ffff : nt!KeBugCheckEx
fffff880`0b327fc0 fffff800`02e9c606 : fffffa80`09801650 fffffa80`00001580 fffff8a0`00001dd4 fffff880`00000000 : nt! ?? ::FNODOBFM::`string'+0x360e8
fffff880`0b328870 fffff800`031a020a : fffff8a0`079e7060 fffff880`0b328c20 00000000`00000000 fffffa80`09b30660 : nt!MmCleanProcessAddressSpace+0x96
fffff880`0b3288c0 fffff800`0318551d : 00000000`000000ff fffffa80`0b835f01 000007ff`fff9a000 00000000`00000000 : nt!PspExitThread+0x56a
fffff880`0b3289c0 fffff800`02ebe47a : fffffa80`0b835f10 00000000`0000008c fffffa80`0b835ee0 fffff800`031e5137 : nt!PsExitSpecialApc+0x1d
fffff880`0b3289f0 fffff800`02ebe7c0 : 00000000`01fcf760 fffff880`0b328a70 fffff800`03185490 00000000`00000001 : nt!KiDeliverApc+0x2ca
fffff880`0b328a70 fffff800`02eca037 : fffffa80`09b30660 00000000`01fcf648 fffff880`0b328bc8 fffffa80`00000000 : nt!KiInitiateUserApc+0x70
fffff880`0b328bb0 00000000`770118ca : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceExit+0x9c
00000000`01fcf628 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x770118ca


STACK_COMMAND:  kb

FOLLOWUP_IP: 
nt! ?? ::FNODOBFM::`string'+360e8
fffff800`02f38f08 cc              int     3

SYMBOL_STACK_INDEX:  1

SYMBOL_NAME:  nt! ?? ::FNODOBFM::`string'+360e8

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: nt

IMAGE_NAME:  ntkrnlmp.exe

DEBUG_FLR_IMAGE_TIMESTAMP:  4d9fdd5b

FAILURE_BUCKET_ID:  X64_0x1a_41790_nt!_??_::FNODOBFM::_string_+360e8

BUCKET_ID:  X64_0x1a_41790_nt!_??_::FNODOBFM::_string_+360e8

Followup: MachineOwner
---------
    Others, latest at the top:
    Code:
    Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Windows\Minidump\070611-14570-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is: 
Windows 7 Kernel Version 7601 (Service Pack 1) MP (12 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.17592.amd64fre.win7sp1_gdr.110408-1631
Machine Name:
Kernel base = 0xfffff800`02250000 PsLoadedModuleList = 0xfffff800`02495650
Debug session time: Wed Jul  6 16:06:10.155 2011 (UTC + 1:00)
System Uptime: 0 days 0:00:38.402
Loading Kernel Symbols
...............................................................
................................................................
.............................
Loading User Symbols
Loading unloaded module list
....
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 101, {11, 0, fffff88001e5d180, 2}

Unable to load image \SystemRoot\system32\DRIVERS\intelppm.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for intelppm.sys
*** ERROR: Module load completed but symbols could not be loaded for intelppm.sys
Probably caused by : Unknown_Image ( ANALYSIS_INCONCLUSIVE )

Followup: MachineOwner
---------

0: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

CLOCK_WATCHDOG_TIMEOUT (101)
An expected clock interrupt was not received on a secondary processor in an
MP system within the allocated interval. This indicates that the specified
processor is hung and not processing interrupts.
Arguments:
Arg1: 0000000000000011, Clock interrupt time out interval in nominal clock ticks.
Arg2: 0000000000000000, 0.
Arg3: fffff88001e5d180, The PRCB address of the hung processor.
Arg4: 0000000000000002, 0.

Debugging Details:
------------------


BUGCHECK_STR:  CLOCK_WATCHDOG_TIMEOUT_c_PROC

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

PROCESS_NAME:  System

CURRENT_IRQL:  d

STACK_TEXT:  
fffff800`00b8a938 fffff800`023278f9 : 00000000`00000101 00000000`00000011 00000000`00000000 fffff880`01e5d180 : nt!KeBugCheckEx
fffff800`00b8a940 fffff800`022da4b7 : fffffa80`00000000 fffff800`00000002 00000000`00026161 00000000`00000000 : nt! ?? ::FNODOBFM::`string'+0x4e2e
fffff800`00b8a9d0 fffff800`02211895 : fffff800`02237460 fffff800`00b8ab80 fffff800`02237460 00000000`00000000 : nt!KeUpdateSystemTime+0x377
fffff800`00b8aad0 fffff800`022cc233 : fffff800`02442e80 fffff800`022db7b0 ffffffff`fff0bdc0 fffff800`02442e80 : hal!HalpHpetClockInterrupt+0x8d
fffff800`00b8ab00 fffff880`037df9c2 : fffff800`022d9509 00000000`002fa67c fffffa80`09d47948 00000000`00000000 : nt!KiInterruptDispatchNoLock+0x163
fffff800`00b8ac98 fffff800`022d9509 : 00000000`002fa67c fffffa80`09d47948 00000000`00000000 00000000`00000000 : intelppm+0x39c2
fffff800`00b8aca0 fffff800`022c79fc : fffff800`02442e80 fffff800`00000000 00000000`00000000 fffff880`00c054c0 : nt!PoIdle+0x52a
fffff800`00b8ad80 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiIdleLoop+0x2c


STACK_COMMAND:  kb

SYMBOL_NAME:  ANALYSIS_INCONCLUSIVE

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: Unknown_Module

IMAGE_NAME:  Unknown_Image

DEBUG_FLR_IMAGE_TIMESTAMP:  0

FAILURE_BUCKET_ID:  X64_CLOCK_WATCHDOG_TIMEOUT_c_PROC_ANALYSIS_INCONCLUSIVE

BUCKET_ID:  X64_CLOCK_WATCHDOG_TIMEOUT_c_PROC_ANALYSIS_INCONCLUSIVE

Followup: MachineOwner
---------


Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Windows\Minidump\070611-14461-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is: 
Windows 7 Kernel Version 7601 (Service Pack 1) MP (12 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.17592.amd64fre.win7sp1_gdr.110408-1631
Machine Name:
Kernel base = 0xfffff800`02e12000 PsLoadedModuleList = 0xfffff800`03057650
Debug session time: Wed Jul  6 15:52:17.902 2011 (UTC + 1:00)
System Uptime: 0 days 0:00:14.823
Loading Kernel Symbols
...............................................................
................................................................
.................
Loading User Symbols
Loading unloaded module list
....
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 1000007E, {ffffffffc0000005, fffff880010c2513, fffff8800351d438, fffff8800351cc90}

Probably caused by : fileinfo.sys ( fileinfo!FIStreamLog+3f )

Followup: MachineOwner
---------

10: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M (1000007e)
This is a very common bugcheck.  Usually the exception address pinpoints
the driver/function that caused the problem.  Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003.  This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG.  This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG.  This will let us see why this breakpoint is
happening.
Arguments:
Arg1: ffffffffc0000005, The exception code that was not handled
Arg2: fffff880010c2513, The address that the exception occurred at
Arg3: fffff8800351d438, Exception Record Address
Arg4: fffff8800351cc90, Context Record Address

Debugging Details:
------------------


EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.

FAULTING_IP: 
fileinfo!FIStreamLog+3f
fffff880`010c2513 f6407c01        test    byte ptr [rax+7Ch],1

EXCEPTION_RECORD:  fffff8800351d438 -- (.exr 0xfffff8800351d438)
ExceptionAddress: fffff880010c2513 (fileinfo!FIStreamLog+0x000000000000003f)
   ExceptionCode: c0000005 (Access violation)
  ExceptionFlags: 00000000
NumberParameters: 2
   Parameter[0]: 0000000000000000
   Parameter[1]: ffffffffffffffff
Attempt to read from address ffffffffffffffff

CONTEXT:  fffff8800351cc90 -- (.cxr 0xfffff8800351cc90)
rax=0032003900430030 rbx=fffff8800351d790 rcx=fffff8800351d790
rdx=fffffa80096ca2c0 rsi=0000000000000002 rdi=0000000000000000
rip=fffff880010c2513 rsp=fffff8800351d670 rbp=fffffa800b2bfb80
 r8=fffff8a0009b13e8  r9=fffff8a0009b13c0 r10=0000000000401802
r11=0000000000000000 r12=fffff8800351d7e0 r13=fffffa8009ddc6e0
r14=00000000c00000bb r15=0000000000000000
iopl=0         nv up ei pl zr na po nc
cs=0010  ss=0018  ds=002b  es=002b  fs=0053  gs=002b             efl=00010246
fileinfo!FIStreamLog+0x3f:
fffff880`010c2513 f6407c01        test    byte ptr [rax+7Ch],1 ds:002b:00320039`004300ac=??
Resetting default scope

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

PROCESS_NAME:  System

CURRENT_IRQL:  0

ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.

EXCEPTION_PARAMETER1:  0000000000000000

EXCEPTION_PARAMETER2:  ffffffffffffffff

READ_ADDRESS: GetPointerFromAddress: unable to read from fffff800030c1100
 ffffffffffffffff 

FOLLOWUP_IP: 
fileinfo!FIStreamLog+3f
fffff880`010c2513 f6407c01        test    byte ptr [rax+7Ch],1

BUGCHECK_STR:  0x7E

LAST_CONTROL_TRANSFER:  from fffff880010c343b to fffff880010c2513

STACK_TEXT:  
fffff880`0351d670 fffff880`010c343b : fffff8a0`00000000 fffff8a0`009b13c0 00000000`00000002 fffffa80`09f72d60 : fileinfo!FIStreamLog+0x3f
fffff880`0351d740 fffff880`010c0563 : fffffa80`0b2bfb80 fffffa80`0b2bfb80 fffffa80`0b2bfb0c fffffa80`0b2bfb80 : fileinfo!FIEnumerate+0x117
fffff880`0351d7c0 fffff880`010c060b : fffff8a0`0185c5d0 fffff880`0351d950 00000000`00000000 fffff880`0351d950 : fileinfo!FIControlDispatchSystemControl+0x73
fffff880`0351d800 fffff800`0312ad10 : fffffa80`09ddc6e0 fffffa80`0b2bfb0c fffffa80`0b2bfb80 fffffa80`0b2bfb0c : fileinfo!FIControlDispatch+0x4b
fffff880`0351d840 fffff800`03259936 : 00000000`0000000c 00000000`0000000c 00000000`00000001 fffffa80`0b2bfb80 : nt!WmipForwardWmiIrp+0x16c
fffff880`0351d8c0 fffff800`0325a45b : fffff880`0351da28 fffffa80`09707f01 00000000`0000000c 00000000`00000000 : nt!WmipSendWmiIrpToTraceDeviceList+0xe6
fffff880`0351d920 fffff800`0326ae44 : fffffa80`09707c00 00000000`00000001 fffff8a0`0185c5d0 fffffa80`09707c80 : nt!WmiTraceRundownNotify+0x6b
fffff880`0351d970 fffff800`032d6a6c : 00000000`00401802 fffffa80`09707f28 fffffa80`09707c80 00000000`00000000 : nt!EtwpKernelTraceRundown+0xc4
fffff880`0351d9a0 fffff800`032d6f5c : 00000000`00000000 fffff8a0`01871350 00000000`00000080 fffffa80`0973b040 : nt!EtwpUpdateLoggerGroupMasks+0x22c
fffff880`0351daa0 fffff800`030e5e92 : 00000000`00000000 fffffa80`09707c80 fffff800`03037928 00000000`00000000 : nt!EtwpUpdateTrace+0x36c
fffff880`0351db20 fffff800`032fdd56 : 00000000`00000008 00000000`00000001 00000000`000000d8 00000000`00000000 : nt! ?? ::NNGAKEGL::`string'+0x59ece
fffff880`0351db90 fffff800`032fdf5a : fffffa80`00000010 ffffffff`80000ab8 ffffffff`ffffffff 00000000`000005b8 : nt!PerfDiagpUpdateCKCLEnableFlags+0xe6
fffff880`0351dc70 fffff800`02e9c021 : fffff800`0302f200 fffff800`032fdd70 fffff800`0302f2b8 fffffa80`09758b60 : nt!PerfDiagpProxyWorker+0x1ea
fffff880`0351dcb0 fffff800`0312e32e : 00000000`00000000 fffffa80`09758b60 00000000`00000080 fffffa80`0973b040 : nt!ExpWorkerThread+0x111
fffff880`0351dd40 fffff800`02e83666 : fffff880`03331180 fffffa80`09758b60 fffff880`0333c1c0 00000000`00000000 : nt!PspSystemThreadStartup+0x5a
fffff880`0351dd80 00000000`00000000 : fffff880`0351e000 fffff880`03518000 fffff880`0351d470 00000000`00000000 : nt!KiStartSystemThread+0x16


SYMBOL_STACK_INDEX:  0

SYMBOL_NAME:  fileinfo!FIStreamLog+3f

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: fileinfo

IMAGE_NAME:  fileinfo.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  4a5bc481

STACK_COMMAND:  .cxr 0xfffff8800351cc90 ; kb

FAILURE_BUCKET_ID:  X64_0x7E_fileinfo!FIStreamLog+3f

BUCKET_ID:  X64_0x7E_fileinfo!FIStreamLog+3f

Followup: MachineOwner
---------


Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Windows\Minidump\061711-30763-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is: 
Windows 7 Kernel Version 7601 (Service Pack 1) MP (12 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.17592.amd64fre.win7sp1_gdr.110408-1631
Machine Name:
Kernel base = 0xfffff800`01e4e000 PsLoadedModuleList = 0xfffff800`02093650
Debug session time: Fri Jun 17 21:23:59.791 2011 (UTC + 1:00)
System Uptime: 0 days 0:00:14.882
Loading Kernel Symbols
...............................................................
..............
Loading User Symbols
Loading unloaded module list
.
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 24, {1904fb, fffff88002327b38, fffff88002327390, fffff80001ec5c25}

Probably caused by : Ntfs.sys ( Ntfs! ?? ::FNODOBFM::`string'+2b49 )

Followup: MachineOwner
---------

4: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

NTFS_FILE_SYSTEM (24)
    If you see NtfsExceptionFilter on the stack then the 2nd and 3rd
    parameters are the exception record and context record. Do a .cxr
    on the 3rd parameter and then kb to obtain a more informative stack
    trace.
Arguments:
Arg1: 00000000001904fb
Arg2: fffff88002327b38
Arg3: fffff88002327390
Arg4: fffff80001ec5c25

Debugging Details:
------------------


EXCEPTION_RECORD:  fffff88002327b38 -- (.exr 0xfffff88002327b38)
ExceptionAddress: fffff80001ec5c25 (nt!ExpInterlockedPopEntrySListFault16)
   ExceptionCode: c0000005 (Access violation)
  ExceptionFlags: 00000000
NumberParameters: 2
   Parameter[0]: 0000000000000000
   Parameter[1]: ffffffffffffffff
Attempt to read from address ffffffffffffffff

CONTEXT:  fffff88002327390 -- (.cxr 0xfffff88002327390)
rax=000000000d640030 rbx=0000000000000001 rcx=fffff8000204ec00
rdx=00fffff8a0005b81 rsi=fffff800020fd8d0 rdi=0000000000000000
rip=fffff80001ec5c25 rsp=fffff88002327d70 rbp=fffff88002327dc0
 r8=00fffff8a0005b80  r9=fffff80001e4e000 r10=fffff8000204ec00
r11=0000000000000001 r12=fffffa80096c7000 r13=0000000000000020
r14=0000000000000000 r15=0000000000001000
iopl=0         nv up ei pl nz na pe nc
cs=0010  ss=0018  ds=002b  es=002b  fs=0053  gs=002b             efl=00010202
nt!ExpInterlockedPopEntrySListFault16:
fffff800`01ec5c25 498b08          mov     rcx,qword ptr [r8] ds:002b:00fffff8`a0005b80=????????????????
Resetting default scope

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

PROCESS_NAME:  System

CURRENT_IRQL:  0

ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.

EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.

EXCEPTION_PARAMETER1:  0000000000000000

EXCEPTION_PARAMETER2:  ffffffffffffffff

READ_ADDRESS: GetPointerFromAddress: unable to read from fffff800020fd100
 ffffffffffffffff 

FOLLOWUP_IP: 
Ntfs! ?? ::FNODOBFM::`string'+2b49
fffff880`0124ea88 cc              int     3

FAULTING_IP: 
nt!ExpInterlockedPopEntrySListFault16+0
fffff800`01ec5c25 498b08          mov     rcx,qword ptr [r8]

BUGCHECK_STR:  0x24

LAST_CONTROL_TRANSFER:  from fffff80001ef06ba to fffff80001ec5c25

STACK_TEXT:  
fffff880`02326b58 fffff880`0124ea88 : 00000000`00000024 00000000`001904fb fffff880`02327b38 fffff880`02327390 : nt!KeBugCheckEx
fffff880`02326b60 fffff880`0126aeac : fffff880`01294c7c fffff880`02328bd0 fffff880`02328bd0 00000000`00010286 : Ntfs! ?? ::FNODOBFM::`string'+0x2b49
fffff880`02326ba0 fffff800`01ef9adc : fffff880`02327b38 fffff880`02327390 00000000`00000000 fffff880`01262550 : Ntfs! ?? ::FNODOBFM::`string'+0x1127
fffff880`02326be0 fffff800`01ef955d : fffff880`01294c70 fffff880`02328bd0 00000000`00000000 fffff880`01249000 : nt!_C_specific_handler+0x8c
fffff880`02326c50 fffff800`01ef8335 : fffff880`01294c70 fffff880`02326cc8 fffff880`02327b38 fffff880`01249000 : nt!RtlpExecuteHandlerForException+0xd
fffff880`02326c80 fffff800`01f093b1 : fffff880`02327b38 fffff880`02327390 fffff880`00000000 00000000`00000000 : nt!RtlDispatchException+0x415
fffff880`02327360 fffff800`01ecd382 : fffff880`02327b38 00000000`00000001 fffff880`02327be0 fffff800`020fd8d0 : nt!KiDispatchException+0x135
fffff880`02327a00 fffff800`01ecbc8a : 00000000`00000002 fffff800`01ed57af fffff880`02328030 fffffa80`09c29030 : nt!KiExceptionDispatch+0xc2
fffff880`02327be0 fffff800`01ec5c25 : 00000000`00000001 fffff800`01ef06ba fffffa80`0a246010 00000000`00060001 : nt!KiGeneralProtectionFault+0x10a
fffff880`02327d70 fffff800`01ef06ba : fffffa80`0a246010 00000000`00060001 00001000`00000000 fffffa80`0a246010 : nt!ExpInterlockedPopEntrySListFault16
fffff880`02327d80 fffff800`01ff6f86 : fffffa80`096c8140 00000000`00000081 00000000`80000001 fffff880`00000000 : nt!MiAllocatePagedPoolPages+0xda
fffff880`02327ea0 fffff800`01ff93f6 : fffffa80`096c8140 00000000`00000081 00000000`80000001 fffff880`01255b84 : nt!MiAllocatePoolPages+0x906
fffff880`02327fe0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!ExAllocatePoolWithTag+0x316


STACK_COMMAND:  kb

SYMBOL_STACK_INDEX:  1

SYMBOL_NAME:  Ntfs! ?? ::FNODOBFM::`string'+2b49

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: Ntfs

IMAGE_NAME:  Ntfs.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  4ce792f9

FAILURE_BUCKET_ID:  X64_0x24_Ntfs!_??_::FNODOBFM::_string_+2b49

BUCKET_ID:  X64_0x24_Ntfs!_??_::FNODOBFM::_string_+2b49

Followup: MachineOwner
---------


Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Windows\Minidump\060411-20779-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is: 
Windows 7 Kernel Version 7601 (Service Pack 1) MP (12 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.17592.amd64fre.win7sp1_gdr.110408-1631
Machine Name:
Kernel base = 0xfffff800`0d613000 PsLoadedModuleList = 0xfffff800`0d858650
Debug session time: Sat Jun  4 23:42:06.302 2011 (UTC + 1:00)
System Uptime: 0 days 0:00:17.596
Loading Kernel Symbols
...............................................................
................................................................
.........
Loading User Symbols
Loading unloaded module list
....
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 24, {1904fb, fffff88003508898, fffff880035080f0, fffff88001226b21}

Probably caused by : Ntfs.sys ( Ntfs!NtfsReleaseFcbWithPaging+41 )

Followup: MachineOwner
---------

3: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

NTFS_FILE_SYSTEM (24)
    If you see NtfsExceptionFilter on the stack then the 2nd and 3rd
    parameters are the exception record and context record. Do a .cxr
    on the 3rd parameter and then kb to obtain a more informative stack
    trace.
Arguments:
Arg1: 00000000001904fb
Arg2: fffff88003508898
Arg3: fffff880035080f0
Arg4: fffff88001226b21

Debugging Details:
------------------


EXCEPTION_RECORD:  fffff88003508898 -- (.exr 0xfffff88003508898)
ExceptionAddress: fffff88001226b21 (Ntfs!NtfsReleaseFcbWithPaging+0x0000000000000041)
   ExceptionCode: c0000005 (Access violation)
  ExceptionFlags: 00000000
NumberParameters: 2
   Parameter[0]: 0000000000000001
   Parameter[1]: 0000000000000009
Attempt to write to address 0000000000000009

CONTEXT:  fffff880035080f0 -- (.cxr 0xfffff880035080f0)
rax=fffffa800bd56d28 rbx=fffff8a000faeb40 rcx=0000000000000001
rdx=fffff8a000faeb40 rsi=fffff8a000faeb40 rdi=fffffa800bcd2b60
rip=fffff88001226b21 rsp=fffff88003508ad0 rbp=fffff8000d830260
 r8=0000000000000000  r9=0000000000000001 r10=fffff8a000faeb40
r11=fffff88003508b52 r12=fffffa800a9aa180 r13=0000000000000001
r14=0000000000000000 r15=0000000000000001
iopl=0         nv up ei pl zr na po nc
cs=0010  ss=0018  ds=002b  es=002b  fs=0053  gs=002b             efl=00010246
Ntfs!NtfsReleaseFcbWithPaging+0x41:
fffff880`01226b21 48894108        mov     qword ptr [rcx+8],rax ds:002b:00000000`00000009=????????????????
Resetting default scope

CUSTOMER_CRASH_COUNT:  1

PROCESS_NAME:  System

CURRENT_IRQL:  0

ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.

EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.

EXCEPTION_PARAMETER1:  0000000000000001

EXCEPTION_PARAMETER2:  0000000000000009

WRITE_ADDRESS: GetPointerFromAddress: unable to read from fffff8000d8c2100
 0000000000000009 

FOLLOWUP_IP: 
Ntfs!NtfsReleaseFcbWithPaging+41
fffff880`01226b21 48894108        mov     qword ptr [rcx+8],rax

FAULTING_IP: 
Ntfs!NtfsReleaseFcbWithPaging+41
fffff880`01226b21 48894108        mov     qword ptr [rcx+8],rax

BUGCHECK_STR:  0x24

DEFAULT_BUCKET_ID:  NULL_CLASS_PTR_DEREFERENCE

LAST_CONTROL_TRANSFER:  from fffff880012b57bb to fffff88001226b21

STACK_TEXT:  
fffff880`03508ad0 fffff880`012b57bb : fffffa80`0bcd2b60 fffff8a0`00faeb40 fffff8a0`00faeb40 00000000`00000009 : Ntfs!NtfsReleaseFcbWithPaging+0x41
fffff880`03508b10 fffff880`012a4357 : fffffa80`0bcd2b60 fffff8a0`00faec70 fffff8a0`00faeb40 fffffa80`0a9aa180 : Ntfs!NtfsCommonClose+0x978
fffff880`03508be0 fffff800`0d69d021 : 00000000`00000000 fffff800`0d830200 fffff800`0d891800 00000000`00000005 : Ntfs!NtfsFspClose+0x15f
fffff880`03508cb0 fffff800`0d92f32e : 00000000`00000000 fffffa80`09831040 00000000`00000080 fffffa80`0970a9e0 : nt!ExpWorkerThread+0x111
fffff880`03508d40 fffff800`0d684666 : fffff880`03331180 fffffa80`09831040 fffff880`0333c1c0 00000000`00000000 : nt!PspSystemThreadStartup+0x5a
fffff880`03508d80 00000000`00000000 : fffff880`03509000 fffff880`03503000 fffff880`035089e0 00000000`00000000 : nt!KiStartSystemThread+0x16


SYMBOL_STACK_INDEX:  0

SYMBOL_NAME:  Ntfs!NtfsReleaseFcbWithPaging+41

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: Ntfs

IMAGE_NAME:  Ntfs.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  4ce792f9

STACK_COMMAND:  .cxr 0xfffff880035080f0 ; kb

FAILURE_BUCKET_ID:  X64_0x24_Ntfs!NtfsReleaseFcbWithPaging+41

BUCKET_ID:  X64_0x24_Ntfs!NtfsReleaseFcbWithPaging+41

Followup: MachineOwner
---------
    Usual causes, as listed at Carrona.org:
    3rd party drivers listed, from the most recent dump per BlueScreenview:
    Ok, that rules out at least one possibility. I'll try to comment on some of the things I can see, please bear in mind that I am in no way an expert in deciphering or debugging BSOD's.

    0x1a's: 6 of these, the first and last occuring in the 3-3.5 hour period after boot, the others in the range of 13-35 seconds. 3rd party drivers seen: Avast! x2 and LightScribe.

    Other BSOD's: 4 (3 types) all occuring between 14-38 seconds into boot. In the 101, intelppm.sys appeared to be corrupt. No 3rd party drivers seen.

    I'm really not sure about the cause of this, I think I'd uninstall Avast! and install MSE to test first.
     
    satrow, Jul 19, 2011
    #7

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds