BSOD: za każdym razem około 5 minut po włączeniu komputera - Wojtek.wk - 30.10.2012 22:59
Hej,
nie jestem pewien czy to odpowiedni dział, ale lepszego nie znalazłem. Mam taki bardzo wkurzający problem - po ok. 5 minut po każdym uruchomieniu komputera, dostaję niebieski ekran i komputer restartuje się. Po restarcie już działa w porządku (czasami zdarzy się, że BSOD pokaże się jeszcze raz).
Nie jestem pewien jakie logi przydadzą się do analizy, ale wklejam dumpy z programu BlueScreenView. Jak będzie trzeba, wykonam dodatkowe testy.
Będę bardzo wdzięczny za wszelką pomoc!
RE: BSOD 5 minut po uruchomieniu komputera - thermalfake - 30.10.2012 23:41
No jest sporo różnych ale ten raport jest bezwartościowy do analizy.
Pozrzucaj pliki *.dmp z C:\windows\minidump
Podrzuć także plik dziennika systemowego c:\Windows\System32\winevt\Logs\system.evtx
RE: BSOD 5 minut po uruchomieniu komputera - Wojtek.wk - 31.10.2012 16:26
(30.10.2012 23:41)thermalfake napisał(a): No jest sporo różnych ale ten raport jest bezwartościowy do analizy.
Pozrzucaj pliki *.dmp z C:\windows\minidump
Podrzuć także plik dziennika systemowego c:\Windows\System32\winevt\Logs\system.evtx
Dziękuję bardzo za odpowiedź! Pliki, o których piszesz, są w załączniku.
RE: BSOD 5 minut po uruchomieniu komputera - thermalfake - 01.11.2012 15:46
Pokręciłeś pliki
c:\Windows\System32\winevt\Logs\system.evtx a nie setup.evtx
Na razie same zrzuty, potem opiszę co i jak.
Kod:
Microsoft (R) Windows Debugger Version 6.12.0002.633 X86
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C: \Users\user\Desktop\bsody\22\dump\Minidump\103012-23805-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: symsrv*symsrv.dll*c: \symb*http: //msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.17944.amd64fre.win7sp1_gdr.120830-0333
Machine Name:
Kernel base = 0xfffff800`0404f000 PsLoadedModuleList = 0xfffff800`04293670
Debug session time: Tue Oct 30 13: 57: 18.117 2012 (UTC + 1: 00)
System Uptime: 0 days 0: 07: 09.507
Loading Kernel Symbols
...............................................................
................................................................
..................................................
Loading User Symbols
Loading unloaded module list
....
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 7F, {8, 80050031, 6f8, fffff800041087c7}
Probably caused by : ntkrnlmp.exe ( nt!KiDoubleFaultAbort+b2 )
Followup: MachineOwner
---------
3: kd> !analyze -v;r;kv;lmtn;.bugcheck;!sysinfo cpuinfo;!sysinfo machineid; !sysinfo cpuspeed; !sysinfo smbios
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
UNEXPECTED_KERNEL_MODE_TRAP (7f)
This means a trap occurred in kernel mode, and it's a trap of a kind
that the kernel isn't allowed to have/catch (bound trap) or that
is always instant death (double fault). The first number in the
bugcheck params is the number of the trap (8 = double fault, etc)
Consult an Intel x86 family manual to learn more about what these
traps are. Here is a *portion* of those codes:
If kv shows a taskGate
use .tss on the part before the colon, then kv.
Else if kv shows a trapframe
use .trap on that value
Else
.trap on the appropriate frame will show where the trap was taken
(on x86, this will be the ebp that goes with the procedure KiTrap)
Endif
kb will then show the corrected stack.
Arguments:
Arg1: 0000000000000008, EXCEPTION_DOUBLE_FAULT
Arg2: 0000000080050031
Arg3: 00000000000006f8
Arg4: fffff800041087c7
Debugging Details:
------------------
BUGCHECK_STR: 0x7f_8
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
PROCESS_NAME: firefox.exe
CURRENT_IRQL: 0
EXCEPTION_RECORD: fffff880039aa558 -- (.exr 0xfffff880039aa558)
ExceptionAddress: fffff800040f78f0 (nt!RtlDispatchException+0x0000000000000440)
ExceptionCode: 10000002
ExceptionFlags: 00000000
NumberParameters: 0
TRAP_FRAME: fffff880039aa600 -- (.trap 0xfffff880039aa600)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000001 rbx=0000000000000000 rcx=0000000000000000
rdx=0000000000000001 rsi=0000000000000000 rdi=0000000000000000
rip=fffff800040f78f0 rsp=fffff880039aa790 rbp=fffff880039ab648
r8=fffff880039aaea0 r9=fffff880039aa820 r10=0000000000000000
r11=fffff880039aa700 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl nz na po cy
nt!RtlDispatchException+0x440:
fffff800`040f78f0 0f84d4ca0000 je nt! ? : FNODOBFM: `string'+0x3006f (fffff800`041043ca) [br=0]
Resetting default scope
LAST_CONTROL_TRANSFER: from fffff800040cd569 to fffff800040cdfc0
STACK_TEXT:
fffff880`02fd9ce8 fffff800`040cd569 : 00000000`0000007f 00000000`00000008 00000000`80050031 00000000`000006f8 : nt!KeBugCheckEx
fffff880`02fd9cf0 fffff800`040cba32 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiBugCheckDispatch+0x69
fffff880`02fd9e30 fffff800`041087c7 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiDoubleFaultAbort+0xb2
fffff880`039a9d80 fffff800`040cd642 : fffff880`039aa558 fffff800`04211ff4 fffff880`039aa600 fffff800`0404f000 : nt!KiDispatchException+0xab
fffff880`039aa420 fffff800`040cb79f : fffff880`039aa600 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiExceptionDispatch+0xc2
fffff880`039aa600 fffff800`040f78f0 : fffff800`04211ff4 fffff880`039aa7d8 fffff880`039ab648 fffff800`0404f000 : nt!KiInvalidOpcodeFault+0x11f
fffff880`039aa790 fffff800`04108851 : fffff880`039ab648 fffff880`039aaea0 fffff880`00000000 00000000`00000000 : nt!RtlDispatchException+0x440
fffff880`039aae70 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiDispatchException+0x135
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!KiDoubleFaultAbort+b2
fffff800`040cba32 90 nop
SYMBOL_STACK_INDEX: 2
SYMBOL_NAME: nt!KiDoubleFaultAbort+b2
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 503f82be
FAILURE_BUCKET_ID: X64_0x7f_8_nt!KiDoubleFaultAbort+b2
BUCKET_ID: X64_0x7f_8_nt!KiDoubleFaultAbort+b2
Followup: MachineOwner
---------
rax=fffff88002fd9df0 rbx=fffff880039aa558 rcx=000000000000007f
rdx=0000000000000008 rsi=fffff880039aa600 rdi=0000000000000000
rip=fffff800040cdfc0 rsp=fffff88002fd9ce8 rbp=fffff88002fd9eb0
r8=0000000080050031 r9=00000000000006f8 r10=fffff800041087c7
r11=00000000000004f7 r12=fffff880039a9db0 r13=000000000010001f
r14=fffff880039aa420 r15=0000000000000000
iopl=0 nv up ei ng nz na po nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00000286
nt!KeBugCheckEx:
fffff800`040cdfc0 48894c2408 mov qword ptr [rsp+8],rcx ss: 0018: fffff880`02fd9cf0=000000000000007f
Child-SP RetAddr : Args to Child : Call Site
fffff880`02fd9ce8 fffff800`040cd569 : 00000000`0000007f 00000000`00000008 00000000`80050031 00000000`000006f8 : nt!KeBugCheckEx
fffff880`02fd9cf0 fffff800`040cba32 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiBugCheckDispatch+0x69
fffff880`02fd9e30 fffff800`041087c7 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiDoubleFaultAbort+0xb2 (TrapFrame @ fffff880`02fd9e30)
fffff880`039a9d80 fffff800`040cd642 : fffff880`039aa558 fffff800`04211ff4 fffff880`039aa600 fffff800`0404f000 : nt!KiDispatchException+0xab
fffff880`039aa420 fffff800`040cb79f : fffff880`039aa600 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiExceptionDispatch+0xc2
fffff880`039aa600 fffff800`040f78f0 : fffff800`04211ff4 fffff880`039aa7d8 fffff880`039ab648 fffff800`0404f000 : nt!KiInvalidOpcodeFault+0x11f (TrapFrame @ fffff880`039aa600)
fffff880`039aa790 fffff800`04108851 : fffff880`039ab648 fffff880`039aaea0 fffff880`00000000 00000000`00000000 : nt!RtlDispatchException+0x440
fffff880`039aae70 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiDispatchException+0x135
start end module name
fffff800`00bbd000 fffff800`00bc7000 kdcom kdcom.dll Sat Feb 05 17: 52: 49 2011 (4D4D8061)
fffff800`04006000 fffff800`0404f000 hal hal.dll Sat Nov 20 14: 00: 25 2010 (4CE7C669)
fffff800`0404f000 fffff800`04637000 nt ntkrnlmp.exe Thu Aug 30 17: 11: 58 2012 (503F82BE)
fffff880`00c08000 fffff880`00c57000 mcupdate_GenuineIntel mcupdate_GenuineIntel.dll Sat Nov 20 14: 03: 51 2010 (4CE7C737)
fffff880`00c57000 fffff880`00c6b000 PSHED PSHED.dll Tue Jul 14 03: 32: 23 2009 (4A5BE027)
fffff880`00c6b000 fffff880`00cc9000 CLFS CLFS.SYS Tue Jul 14 01: 19: 57 2009 (4A5BC11D)
fffff880`00cc9000 fffff880`00d89000 CI CI.dll Sat Nov 20 14: 12: 36 2010 (4CE7C944)
fffff880`00d89000 fffff880`00da9000 vmci vmci.sys Wed Jul 27 04: 42: 09 2011 (4E2F7B01)
fffff880`00da9000 fffff880`00dc3000 mountmgr mountmgr.sys Sat Nov 20 10: 19: 21 2010 (4CE79299)
fffff880`00dc3000 fffff880`00dff000 vmbus vmbus.sys Sat Nov 20 10: 57: 29 2010 (4CE79B89)
fffff880`00e00000 fffff880`00e15000 volmgr volmgr.sys Sat Nov 20 10: 19: 28 2010 (4CE792A0)
fffff880`00e15000 fffff880`00e71000 volmgrx volmgrx.sys Sat Nov 20 10: 20: 43 2010 (4CE792EB)
fffff880`00e71000 fffff880`00e78000 pciide pciide.sys Tue Jul 14 01: 19: 49 2009 (4A5BC115)
fffff880`00e7d000 fffff880`00f21000 Wdf01000 Wdf01000.sys Tue Jul 14 01: 22: 07 2009 (4A5BC19F)
fffff880`00f21000 fffff880`00f30000 WDFLDR WDFLDR.SYS Tue Jul 14 01: 19: 54 2009 (4A5BC11A)
fffff880`00f30000 fffff880`00f87000 ACPI ACPI.sys Sat Nov 20 10: 19: 16 2010 (4CE79294)
fffff880`00f87000 fffff880`00f90000 WMILIB WMILIB.SYS Tue Jul 14 01: 19: 51 2009 (4A5BC117)
fffff880`00f90000 fffff880`00f9a000 msisadrv msisadrv.sys Tue Jul 14 01: 19: 26 2009 (4A5BC0FE)
fffff880`00f9a000 fffff880`00fcd000 pci pci.sys Sat Nov 20 10: 19: 11 2010 (4CE7928F)
fffff880`00fcd000 fffff880`00fda000 vdrvroot vdrvroot.sys Tue Jul 14 02: 01: 31 2009 (4A5BCADB)
fffff880`00fda000 fffff880`00fef000 partmgr partmgr.sys Sat Mar 17 06: 06: 09 2012 (4F641BC1)
fffff880`00fef000 fffff880`00fff000 PCIIDEX PCIIDEX.SYS Tue Jul 14 01: 19: 48 2009 (4A5BC114)
fffff880`01000000 fffff880`01072000 cng cng.sys Fri Aug 24 17: 47: 16 2012 (5037A204)
fffff880`01083000 fffff880`01097000 winhv winhv.sys Sat Nov 20 10: 20: 02 2010 (4CE792C2)
fffff880`01097000 fffff880`010a0000 atapi atapi.sys Tue Jul 14 01: 19: 47 2009 (4A5BC113)
fffff880`010a0000 fffff880`010ca000 ataport ataport.SYS Sat Nov 20 10: 19: 15 2010 (4CE79293)
fffff880`010ca000 fffff880`010d5000 msahci msahci.sys Sat Nov 20 11: 33: 58 2010 (4CE7A416)
fffff880`010d5000 fffff880`010e0000 amdxata amdxata.sys Fri Mar 19 17: 18: 18 2010 (4BA3A3CA)
fffff880`010e0000 fffff880`0112c000 fltmgr fltmgr.sys Sat Nov 20 10: 19: 24 2010 (4CE7929C)
fffff880`0112c000 fffff880`01140000 fileinfo fileinfo.sys Tue Jul 14 01: 34: 25 2009 (4A5BC481)
fffff880`01140000 fffff880`01178000 MpFilter MpFilter.sys Fri Aug 24 01: 03: 14 2012 (5036B6B2)
fffff880`01178000 fffff880`011d6000 msrpc msrpc.sys Sat Nov 20 10: 21: 56 2010 (4CE79334)
fffff880`01200000 fffff880`0120a000 Fs_Rec Fs_Rec.sys Thu Mar 01 04: 41: 06 2012 (4F4EEFD2)
fffff880`0122c000 fffff880`013cf000 Ntfs Ntfs.sys Fri Aug 31 17: 14: 14 2012 (5040D4C6)
fffff880`013cf000 fffff880`013ea000 ksecdd ksecdd.sys Sat Jun 02 04: 50: 23 2012 (4FC97F6F)
fffff880`013ea000 fffff880`013fb000 pcw pcw.sys Tue Jul 14 01: 19: 27 2009 (4A5BC0FF)
fffff880`01400000 fffff880`0144a000 fwpkclnt fwpkclnt.sys Wed Aug 22 17: 10: 49 2012 (5034F679)
fffff880`0144a000 fffff880`0145a000 vmstorfl vmstorfl.sys Sat Nov 20 10: 57: 30 2010 (4CE79B8A)
fffff880`01461000 fffff880`01553000 ndis ndis.sys Wed Aug 22 17: 11: 46 2012 (5034F6B2)
fffff880`01553000 fffff880`015b3000 NETIO NETIO.SYS Wed Aug 22 17: 11: 28 2012 (5034F6A0)
fffff880`015b3000 fffff880`015de000 ksecpkg ksecpkg.sys Fri Aug 24 17: 48: 29 2012 (5037A24D)
fffff880`01600000 fffff880`01800000 tcpip tcpip.sys Wed Aug 22 17: 13: 43 2012 (5034F727)
fffff880`01839000 fffff880`01885000 volsnap volsnap.sys Sat Nov 20 10: 20: 08 2010 (4CE792C8)
fffff880`01885000 fffff880`0188d000 spldr spldr.sys Mon May 11 18: 56: 27 2009 (4A0858BB)
fffff880`0188d000 fffff880`018c7000 rdyboost rdyboost.sys Sat Nov 20 10: 43: 10 2010 (4CE7982E)
fffff880`018c7000 fffff880`018d9000 mup mup.sys Tue Jul 14 01: 23: 45 2009 (4A5BC201)
fffff880`018d9000 fffff880`018e2000 hwpolicy hwpolicy.sys Sat Nov 20 10: 18: 54 2010 (4CE7927E)
fffff880`018e2000 fffff880`0191c000 fvevol fvevol.sys Sat Nov 20 10: 24: 06 2010 (4CE793B6)
fffff880`0191c000 fffff880`01932000 disk disk.sys Tue Jul 14 01: 19: 57 2009 (4A5BC11D)
fffff880`01932000 fffff880`01962000 CLASSPNP CLASSPNP.SYS Sat Nov 20 10: 19: 23 2010 (4CE7929B)
fffff880`01998000 fffff880`019c2000 cdrom cdrom.sys Sat Nov 20 10: 19: 20 2010 (4CE79298)
fffff880`019c2000 fffff880`019e3000 NisDrvWFP NisDrvWFP.sys Fri Aug 24 01: 03: 36 2012 (5036B6C8)
fffff880`03a00000 fffff880`03a24000 mrxsmb20 mrxsmb20.sys Wed Apr 27 04: 39: 37 2011 (4DB781E9)
fffff880`03a24000 fffff880`03a30000 hcmon hcmon.sys Tue Aug 30 08: 05: 35 2011 (4E5C7DAF)
fffff880`03a30000 fffff880`03a3b000 VMparport VMparport.sys Wed Jan 18 22: 11: 47 2012 (4F173593)
fffff880`03a48000 fffff880`03ad4000 bthport bthport.sys Fri Jul 06 22: 07: 41 2012 (4FF7458D)
fffff880`03ad4000 fffff880`03af1000 usbccgp usbccgp.sys Fri Mar 25 04: 29: 14 2011 (4D8C0C0A)
fffff880`03af1000 fffff880`03aff000 hidusb hidusb.sys Sat Nov 20 11: 43: 49 2010 (4CE7A665)
fffff880`03aff000 fffff880`03b18000 HIDCLASS HIDCLASS.SYS Sat Nov 20 11: 43: 49 2010 (4CE7A665)
fffff880`03b18000 fffff880`03b20080 HIDPARSE HIDPARSE.SYS Tue Jul 14 02: 06: 17 2009 (4A5BCBF9)
fffff880`03b21000 fffff880`03b2f000 kbdhid kbdhid.sys Sat Nov 20 11: 33: 25 2010 (4CE7A3F5)
fffff880`03b2f000 fffff880`03b3a000 VMkbd VMkbd.sys Wed Jan 18 23: 30: 36 2012 (4F17480C)
fffff880`03b3a000 fffff880`03b47000 mouhid mouhid.sys Tue Jul 14 02: 00: 20 2009 (4A5BCA94)
fffff880`03b47000 fffff880`03b73000 rfcomm rfcomm.sys Tue Jul 14 02: 06: 56 2009 (4A5BCC20)
fffff880`03b73000 fffff880`03b83000 BthEnum BthEnum.sys Tue Jul 14 02: 06: 52 2009 (4A5BCC1C)
fffff880`03b83000 fffff880`03ba3000 bthpan bthpan.sys Tue Jul 14 02: 07: 00 2009 (4A5BCC24)
fffff880`03ba3000 fffff880`03bba000 bthmodem bthmodem.sys Tue Jul 14 02: 06: 52 2009 (4A5BCC1C)
fffff880`03bba000 fffff880`03bc9000 modem modem.sys Tue Jul 14 02: 10: 48 2009 (4A5BCD08)
fffff880`03bc9000 fffff880`03bda000 vmnetbridge vmnetbridge.sys Fri Jul 08 09: 44: 44 2011 (4E16B56C)
fffff880`03bda000 fffff880`03be4000 VMNET VMNET.SYS Fri Jul 08 09: 43: 55 2011 (4E16B53B)
fffff880`03be4000 fffff880`03bf9000 lltdio lltdio.sys Tue Jul 14 02: 08: 50 2009 (4A5BCC92)
fffff880`03e00000 fffff880`03e51000 rdbss rdbss.sys Sat Nov 20 10: 27: 51 2010 (4CE79497)
fffff880`03e5c000 fffff880`03eed000 cmdguard cmdguard.sys Sun Mar 11 21: 47: 16 2012 (4F5D0F54)
fffff880`03eed000 fffff880`03ef6000 Null Null.SYS Tue Jul 14 01: 19: 37 2009 (4A5BC109)
fffff880`03ef6000 fffff880`03efd000 Beep Beep.SYS Tue Jul 14 02: 00: 13 2009 (4A5BCA8D)
fffff880`03efd000 fffff880`03f0b000 vga vga.sys Tue Jul 14 01: 38: 47 2009 (4A5BC587)
fffff880`03f0b000 fffff880`03f30000 VIDEOPRT VIDEOPRT.SYS Tue Jul 14 01: 38: 51 2009 (4A5BC58B)
fffff880`03f30000 fffff880`03f40000 watchdog watchdog.sys Tue Jul 14 01: 37: 35 2009 (4A5BC53F)
fffff880`03f40000 fffff880`03f49000 RDPCDD RDPCDD.sys Tue Jul 14 02: 16: 34 2009 (4A5BCE62)
fffff880`03f49000 fffff880`03f52000 rdpencdd rdpencdd.sys Tue Jul 14 02: 16: 34 2009 (4A5BCE62)
fffff880`03f52000 fffff880`03f5b000 rdprefmp rdprefmp.sys Tue Jul 14 02: 16: 35 2009 (4A5BCE63)
fffff880`03f5b000 fffff880`03f66000 Msfs Msfs.SYS Tue Jul 14 01: 19: 47 2009 (4A5BC113)
fffff880`03f66000 fffff880`03f77000 Npfs Npfs.SYS Tue Jul 14 01: 19: 48 2009 (4A5BC114)
fffff880`03f77000 fffff880`03f99000 tdx tdx.sys Sat Nov 20 10: 21: 54 2010 (4CE79332)
fffff880`03f99000 fffff880`03fa6000 TDI TDI.SYS Sat Nov 20 10: 22: 06 2010 (4CE7933E)
fffff880`03fa6000 fffff880`03fb2000 cmdhlp cmdhlp.sys Sun Mar 11 21: 46: 18 2012 (4F5D0F1A)
fffff880`03fb2000 fffff880`03fd5000 luafv luafv.sys Tue Jul 14 01: 26: 13 2009 (4A5BC295)
fffff880`03fd5000 fffff880`03fe7000 vmx86 vmx86.sys Thu Jan 19 00: 33: 10 2012 (4F1756B6)
fffff880`04000000 fffff880`0405a000 usbhub usbhub.sys Fri Mar 25 04: 29: 25 2011 (4D8C0C15)
fffff880`0405a000 fffff880`0406f000 NDProxy NDProxy.SYS Sat Nov 20 11: 52: 20 2010 (4CE7A864)
fffff880`0406f000 fffff880`04091000 drmk drmk.sys Tue Jul 14 03: 01: 25 2009 (4A5BD8E5)
fffff880`04091000 fffff880`0409f000 crashdmp crashdmp.sys Tue Jul 14 02: 01: 01 2009 (4A5BCABD)
fffff880`0409f000 fffff880`040b2000 dump_dumpfve dump_dumpfve.sys Tue Jul 14 01: 21: 51 2009 (4A5BC18F)
fffff880`040bc000 fffff880`0413f000 csc csc.sys Sat Nov 20 10: 27: 12 2010 (4CE79470)
fffff880`0413f000 fffff880`0415d000 dfsc dfsc.sys Sat Nov 20 10: 26: 31 2010 (4CE79447)
fffff880`0415d000 fffff880`0416e000 blbdrive blbdrive.sys Tue Jul 14 01: 35: 59 2009 (4A5BC4DF)
fffff880`0416e000 fffff880`04194000 tunnel tunnel.sys Sat Nov 20 11: 51: 50 2010 (4CE7A846)
fffff880`04194000 fffff880`041aa000 intelppm intelppm.sys Tue Jul 14 01: 19: 25 2009 (4A5BC0FD)
fffff880`041aa000 fffff880`041b9000 kbdclass kbdclass.sys Tue Jul 14 01: 19: 50 2009 (4A5BC116)
fffff880`041b9000 fffff880`041c8000 mouclass mouclass.sys Tue Jul 14 01: 19: 50 2009 (4A5BC116)
fffff880`041c8000 fffff880`041da000 umbus umbus.sys Sat Nov 20 11: 44: 37 2010 (4CE7A695)
fffff880`041da000 fffff880`041e8000 monitor monitor.sys Tue Jul 14 01: 38: 52 2009 (4A5BC58C)
fffff880`041e8000 fffff880`04200000 BTHUSB BTHUSB.sys Thu Apr 28 05: 54: 56 2011 (4DB8E510)
fffff880`04200000 fffff880`04226000 pacer pacer.sys Sat Nov 20 11: 52: 18 2010 (4CE7A862)
fffff880`04226000 fffff880`0423e000 inspect inspect.sys Mon Dec 19 19: 48: 52 2011 (4EEF8714)
fffff880`0423e000 fffff880`04254000 vwififlt vwififlt.sys Tue Jul 14 02: 07: 22 2009 (4A5BCC3A)
fffff880`04254000 fffff880`04263000 netbios netbios.sys Tue Jul 14 02: 09: 26 2009 (4A5BCCB6)
fffff880`04263000 fffff880`04280000 serial serial.sys Tue Jul 14 02: 00: 40 2009 (4A5BCAA8)
fffff880`04280000 fffff880`0429b000 wanarp wanarp.sys Sat Nov 20 11: 52: 36 2010 (4CE7A874)
fffff880`0429b000 fffff880`042af000 termdd termdd.sys Sat Nov 20 12: 03: 40 2010 (4CE7AB0C)
fffff880`042af000 fffff880`042bb000 nsiproxy nsiproxy.sys Tue Jul 14 01: 21: 02 2009 (4A5BC15E)
fffff880`042bb000 fffff880`042c6000 mssmbios mssmbios.sys Tue Jul 14 01: 31: 10 2009 (4A5BC3BE)
fffff880`042c6000 fffff880`042d5000 discache discache.sys Tue Jul 14 01: 37: 18 2009 (4A5BC52E)
fffff880`042d5000 fffff880`042f0000 USBSTOR USBSTOR.SYS Fri Mar 11 05: 37: 16 2011 (4D79A6FC)
fffff880`042fc000 fffff880`04385000 afd afd.sys Wed Dec 28 04: 59: 20 2011 (4EFA9418)
fffff880`04385000 fffff880`043ca000 netbt netbt.sys Sat Nov 20 10: 23: 18 2010 (4CE79386)
fffff880`043ca000 fffff880`043d5000 ws2ifsl ws2ifsl.sys Tue Jul 14 02: 10: 33 2009 (4A5BCCF9)
fffff880`043d5000 fffff880`043de000 wfplwf wfplwf.sys Tue Jul 14 02: 09: 26 2009 (4A5BCCB6)
fffff880`043de000 fffff880`043ff000 WudfPf WudfPf.sys Sat Nov 20 11: 42: 44 2010 (4CE7A624)
fffff880`04400000 fffff880`04456000 USBPORT USBPORT.SYS Fri Mar 25 04: 29: 12 2011 (4D8C0C08)
fffff880`04456000 fffff880`04467000 usbehci usbehci.sys Fri Mar 25 04: 29: 04 2011 (4D8C0C00)
fffff880`04467000 fffff880`0447d000 AgileVpn AgileVpn.sys Tue Jul 14 02: 10: 24 2009 (4A5BCCF0)
fffff880`0447d000 fffff880`04486000 dump_atapi dump_atapi.sys Tue Jul 14 01: 19: 47 2009 (4A5BC113)
fffff880`04487000 fffff880`0457b000 dxgkrnl dxgkrnl.sys Sat Nov 20 10: 50: 50 2010 (4CE799FA)
fffff880`0457b000 fffff880`045c1000 dxgmms1 dxgmms1.sys Sat Nov 20 10: 49: 53 2010 (4CE799C1)
fffff880`045c1000 fffff880`045ce000 usbuhci usbuhci.sys Fri Mar 25 04: 29: 03 2011 (4D8C0BFF)
fffff880`045ce000 fffff880`045f2000 HDAudBus HDAudBus.sys Sat Nov 20 11: 43: 42 2010 (4CE7A65E)
fffff880`045f2000 fffff880`045fe000 ndistapi ndistapi.sys Tue Jul 14 02: 10: 00 2009 (4A5BCCD8)
fffff880`04800000 fffff880`0481d000 parport parport.sys Tue Jul 14 02: 00: 40 2009 (4A5BCAA8)
fffff880`0481d000 fffff880`04823c00 GEARAspiWDM GEARAspiWDM.sys Thu May 03 21: 56: 17 2012 (4FA2E2E1)
fffff880`04824000 fffff880`04834000 CompositeBus CompositeBus.sys Sat Nov 20 11: 33: 17 2010 (4CE7A3ED)
fffff880`0483a000 fffff880`049b9000 athrx athrx.sys Fri Nov 06 21: 56: 02 2009 (4AF48D62)
fffff880`049b9000 fffff880`049c6000 vwifibus vwifibus.sys Tue Jul 14 02: 07: 21 2009 (4A5BCC39)
fffff880`049c6000 fffff880`049f8000 Rt64win7 Rt64win7.sys Thu Feb 26 10: 04: 13 2009 (49A65B0D)
fffff880`04c00000 fffff880`04c43000 ks ks.sys Sat Nov 20 11: 33: 23 2010 (4CE7A3F3)
fffff880`04c43000 fffff880`04c46e80 BdaSup BdaSup.SYS Tue Jul 14 02: 06: 40 2009 (4A5BCC10)
fffff880`04c47000 fffff880`04c4c200 ksthunk ksthunk.sys Tue Jul 14 02: 00: 19 2009 (4A5BCA93)
fffff880`04c4d000 fffff880`04c5a000 fdc fdc.sys Tue Jul 14 02: 00: 54 2009 (4A5BCAB6)
fffff880`04c5a000 fffff880`04c62000 ASACPI ASACPI.sys Mon Mar 28 04: 30: 36 2005 (42476C4C)
fffff880`04c62000 fffff880`04c6e000 serenum serenum.sys Tue Jul 14 02: 00: 33 2009 (4A5BCAA1)
fffff880`04c6e000 fffff880`04c6f480 swenum swenum.sys Tue Jul 14 02: 00: 18 2009 (4A5BCA92)
fffff880`04c71000 fffff880`04dfe580 Ph3xIB64 Ph3xIB64.sys Fri May 08 23: 11: 49 2009 (4A04A015)
fffff880`06600000 fffff880`0663d000 portcls portcls.sys Tue Jul 14 02: 06: 27 2009 (4A5BCC03)
fffff880`0663d000 fffff880`06649000 Dxapi Dxapi.sys Tue Jul 14 01: 38: 28 2009 (4A5BC574)
fffff880`06649000 fffff880`0664af00 USBD USBD.SYS Fri Mar 25 04: 28: 59 2011 (4D8C0BFB)
fffff880`0664c000 fffff880`067f8900 RTKVHD64 RTKVHD64.sys Fri May 22 20: 04: 20 2009 (4A16E924)
fffff880`08200000 fffff880`0821e000 bowser bowser.sys Wed Feb 23 05: 55: 04 2011 (4D649328)
fffff880`0821e000 fffff880`08236000 mpsdrv mpsdrv.sys Tue Jul 14 02: 08: 25 2009 (4A5BCC79)
fffff880`08236000 fffff880`08263000 mrxsmb mrxsmb.sys Wed Apr 27 04: 40: 38 2011 (4DB78226)
fffff880`08263000 fffff880`082b1000 mrxsmb10 mrxsmb10.sys Sat Jul 09 04: 46: 28 2011 (4E17C104)
fffff880`082b9000 fffff880`0830c000 nwifi nwifi.sys Tue Jul 14 02: 07: 23 2009 (4A5BCC3B)
fffff880`0830c000 fffff880`0831f000 ndisuio ndisuio.sys Sat Nov 20 11: 50: 08 2010 (4CE7A7E0)
fffff880`0831f000 fffff880`08337000 rspndr rspndr.sys Tue Jul 14 02: 08: 50 2009 (4A5BCC92)
fffff880`08337000 fffff880`08400000 HTTP HTTP.sys Sat Nov 20 10: 24: 30 2010 (4CE793CE)
fffff880`08800000 fffff880`08869000 srv2 srv2.sys Fri Apr 29 05: 05: 46 2011 (4DBA2B0A)
fffff880`088cb000 fffff880`08971000 peauth peauth.sys Tue Jul 14 03: 01: 19 2009 (4A5BD8DF)
fffff880`08971000 fffff880`0897c000 secdrv secdrv.SYS Wed Sep 13 15: 18: 38 2006 (4508052E)
fffff880`0897c000 fffff880`089ad000 srvnet srvnet.sys Fri Apr 29 05: 05: 35 2011 (4DBA2AFF)
fffff880`089ad000 fffff880`089bf000 tcpipreg tcpipreg.sys Sat Nov 20 11: 51: 48 2010 (4CE7A844)
fffff880`089bf000 fffff880`089c9000 vmnetuserif vmnetuserif.sys Wed Jan 18 22: 36: 25 2012 (4F173B59)
fffff880`0902c000 fffff880`090c4000 srv srv.sys Fri Apr 29 05: 06: 06 2011 (4DBA2B1E)
fffff880`090c4000 fffff880`090f5000 WUDFRd WUDFRd.sys Sat Nov 20 11: 43: 32 2010 (4CE7A654)
fffff880`090f5000 fffff880`0912b000 fastfat fastfat.SYS Tue Jul 14 01: 23: 28 2009 (4A5BC1F0)
fffff880`0912b000 fffff880`0919c000 spsys spsys.sys Mon May 11 19: 20: 58 2009 (4A085E7A)
fffff880`0919c000 fffff880`091a7000 asyncmac asyncmac.sys Tue Jul 14 02: 10: 13 2009 (4A5BCCE5)
fffff880`0f000000 fffff880`0f01a000 rassstp rassstp.sys Tue Jul 14 02: 10: 25 2009 (4A5BCCF1)
fffff880`0f01a000 fffff880`0f025000 rdpbus rdpbus.sys Tue Jul 14 02: 17: 46 2009 (4A5BCEAA)
fffff880`0f025000 fffff880`0f030000 flpydisk flpydisk.sys Tue Jul 14 02: 00: 54 2009 (4A5BCAB6)
fffff880`0f033000 fffff880`0fd27000 nvlddmkm nvlddmkm.sys Tue Oct 02 20: 21: 13 2012 (506B3099)
fffff880`0fd27000 fffff880`0fd65000 1394ohci 1394ohci.sys Sat Nov 20 11: 44: 56 2010 (4CE7A6A8)
fffff880`0fd65000 fffff880`0fd89000 rasl2tp rasl2tp.sys Sat Nov 20 11: 52: 34 2010 (4CE7A872)
fffff880`0fd89000 fffff880`0fdb8000 ndiswan ndiswan.sys Sat Nov 20 11: 52: 32 2010 (4CE7A870)
fffff880`0fdb8000 fffff880`0fdd3000 raspppoe raspppoe.sys Tue Jul 14 02: 10: 17 2009 (4A5BCCE9)
fffff880`0fdd3000 fffff880`0fdf4000 raspptp raspptp.sys Sat Nov 20 11: 52: 31 2010 (4CE7A86F)
fffff880`0fdf4000 fffff880`0fe00000 dump_dumpata dump_dumpata.sys Tue Jul 14 01: 19: 47 2009 (4A5BC113)
fffff960`000e0000 fffff960`003f5000 win32k win32k.sys Wed Jul 18 20: 14: 37 2012 (5006FD0D)
fffff960`00410000 fffff960`0041a000 TSDDD TSDDD.dll unavailable (00000000)
fffff960`00670000 fffff960`00697000 cdd cdd.dll Sat Nov 20 13: 55: 34 2010 (4CE7C546)
Unloaded modules:
fffff880`01962000 fffff880`01970000 crashdmp.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
ImageSize: 0000E000
fffff880`01970000 fffff880`0197c000 dump_ataport
Timestamp: unavailable (00000000)
Checksum: 00000000
ImageSize: 0000C000
fffff880`0197c000 fffff880`01985000 dump_atapi.s
Timestamp: unavailable (00000000)
Checksum: 00000000
ImageSize: 00009000
fffff880`01985000 fffff880`01998000 dump_dumpfve
Timestamp: unavailable (00000000)
Checksum: 00000000
ImageSize: 00013000
Bugcheck code 0000007F
Arguments 00000000`00000008 00000000`80050031 00000000`000006f8 fffff800`041087c7
[CPU Information]
~MHz = REG_DWORD 2341
Component Information = REG_BINARY 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0
Configuration Data = REG_FULL_RESOURCE_DESCRIPTOR ff,ff,ff,ff,ff,ff,ff,ff,0,0,0,0,0,0,0,0
Identifier = REG_SZ Intel64 Family 6 Model 23 Stepping 7
ProcessorNameString = REG_SZ Intel(R) Core(TM)2 Quad CPU Q8200 @ 2.33GHz
Update Signature = REG_BINARY 0,0,0,0,5,7,0,0
Update Status = REG_DWORD 0
VendorIdentifier = REG_SZ GenuineIntel
MSR8B = REG_QWORD 70500000000
Machine ID Information [From Smbios 2.5, DMIVersion 0, Size=2278]
BiosMajorRelease = 8
BiosMinorRelease = 14
BiosVendor = American Megatrends Inc.
BiosVersion = 0418
BiosReleaseDate = 12/09/2008
SystemManufacturer = PCF
SystemProductName = System Product Name
SystemFamily = To Be Filled By O.E.M.
SystemVersion = System Version
SystemSKU = To Be Filled By O.E.M.
BaseBoardManufacturer = ASUSTeK Computer INC.
BaseBoardProduct = P5QL-EM
BaseBoardVersion = Rev X.0x
CPUID: "Intel(R) Core(TM)2 Quad CPU Q8200 @ 2.33GHz"
MaxSpeed: 2330
CurrentSpeed: 2341
[SMBIOS Data Tables v2.5]
[DMI Version - 0]
[2.0 Calling Convention - No]
[Table Size - 2278 bytes]
[BIOS Information (Type 0) - Length 24 - Handle 0000h]
Vendor American Megatrends Inc.
BIOS Version 0418
BIOS Starting Address Segment f000
BIOS Release Date 12/09/2008
BIOS ROM Size 100000
BIOS Characteristics
04: - ISA Supported
07: - PCI Supported
09: - Plug and Play Supported
10: - APM Supported
11: - Upgradeable FLASH BIOS
12: - BIOS Shadowing Supported
14: - ESCD Supported
15: - CD-Boot Supported
16: - Selectable Boot Supported
17: - BIOS ROM Socketed
19: - EDD Supported
23: - 1.2MB Floppy Supported
24: - 720KB Floppy Supported
25: - 2.88MB Floppy Supported
26: - Print Screen Device Supported
27: - Keyboard Services Supported
28: - Serial Services Supported
29: - Printer Services Supported
30: - CGA/Mono Services Supported
32: - BIOS Vendor Reserved
BIOS Characteristic Extensions
00: - ACPI Supported
01: - USB Legacy Supported
04: - LS120-Boot Supported
05: - ATAPI ZIP-Boot Supported
08: - BIOS Boot Specification Supported
10: - Specification Reserved
BIOS Major Revision 8
BIOS Minor Revision 14
EC Firmware Major Revision 255
EC Firmware Minor Revision 255
[System Information (Type 1) - Length 27 - Handle 0001h]
Manufacturer PCF
Product Name System Product Name
Version System Version
Serial Number
UUID 00000000-0000-0000-0000-000000000000
Wakeup Type Power Switch
SKUNumber To Be Filled By O.E.M.
Family To Be Filled By O.E.M.
[BaseBoard Information (Type 2) - Length 15 - Handle 0002h]
Manufacturer ASUSTeK Computer INC.
Product P5QL-EM
Version Rev X.0x
Serial Number
Asset Tag
Feature Flags 09h
1638284660: - c
1638284620: - c
Location To Be Filled By O.E.M.
Chassis Handle 0003h
Board Type 0ah - Processor/Memory Module
Number of Child Handles 0
[System Enclosure (Type 3) - Length 21 - Handle 0003h]
Manufacturer Chassis Manufacture
Chassis Type Desktop
Version Chassis Version
Serial Number
Asset Tag Number
Bootup State Safe
Power Supply State Safe
Thermal State Safe
Security Status None
OEM Defined 1
Height 0U
Number of Power Cords 1
Number of Contained Elements 0
Contained Element Size 0
[Processor Information (Type 4) - Length 40 - Handle 0004h]
Socket Designation LGA775
Processor Type Central Processor
Processor Family 01h - Other
Processor Manufacturer Intel
Processor ID 77060100fffbebbf
Processor Version Intel(R) Core(TM)2 Quad CPU Q8200 @ 2.33GHz
Processor Voltage 8ch - 1.2V
External Clock 333MHz
Max Speed 3800MHz
Current Speed 2333MHz
Status Enabled Populated
Processor Upgrade Specification Reserved
L1 Cache Handle 0005h
L2 Cache Handle 0006h
L3 Cache Handle 0007h
Serial Number
Asset Tag Number
Part Number To Be Filled By O.E.M.
[Cache Information (Type 7) - Length 19 - Handle 0005h]
Socket Designation L1-Cache
Cache Configuration 0180h - WB Enabled Int NonSocketed L1
Maximum Cache Size 0080h - 128K
Installed Size 0080h - 128K
Supported SRAM Type 0001h - Other
Current SRAM Type 0001h - Other
Cache Speed 0ns
Error Correction Type ParitySingle-Bit ECC
System Cache Type Data
Associativity 8-way Set-Associative
[Cache Information (Type 7) - Length 19 - Handle 0006h]
Socket Designation L2-Cache
Cache Configuration 0181h - WB Enabled Int NonSocketed L2
Maximum Cache Size 1000h - 4096K
Installed Size 1000h - 4096K
Supported SRAM Type 0001h - Other
Current SRAM Type 0001h - Other
Cache Speed 0ns
Error Correction Type Multi-Bit ECC
System Cache Type Instruction
Associativity 8-way Set-Associative
[Cache Information (Type 7) - Length 19 - Handle 0007h]
Socket Designation L3-Cache
Cache Configuration 0302h - Unknown Disabled Int NonSocketed L3
Maximum Cache Size 0000h - 0K
Installed Size 0000h - 0K
Supported SRAM Type 0002h - Unknown
Current SRAM Type 0002h - Unknown
Cache Speed 0ns
Error Correction Type Unknown
System Cache Type Unknown
Associativity Unknown
[Onboard Devices Information (Type 10) - Length 6 - Handle 002dh]
Number of Devices 1
01: Type Ethernet [enabled]
01: Description Onboard Ethernet
[OEM Strings (Type 11) - Length 5 - Handle 002eh]
Number of Strings 4
1 002215D6FD62
2 To Be Filled By O.E.M.
3 To Be Filled By O.E.M.
4 To Be Filled By O.E.M.
[Physical Memory Array (Type 16) - Length 15 - Handle 0031h]
Location 03h - SystemBoard/Motherboard
Use 03h - System Memory
Memory Error Correction 03h - None
Maximum Capacity 8388608KB
Memory Error Inf Handle [Not Provided]
Number of Memory Devices 4
[Memory Array Mapped Address (Type 19) - Length 15 - Handle 0032h]
Starting Address 00000000h
Ending Address 003fffffh
Memory Array Handle 0031h
Partition Width 04
[Memory Device (Type 17) - Length 27 - Handle 0033h]
Physical Memory Array Handle 0031h
Memory Error Info Handle [Not Provided]
Total Width 64 bits
Data Width 64 bits
Size 2048MB
Form Factor 09h - DIMM
Device Set [None]
Device Locator DIMM0
Bank Locator BANK0
Memory Type 13h - Specification Reserved
Type Detail 0080h - Synchronous
Speed 800MHz
Manufacturer Manufacturer0
Serial Number
Asset Tag Number
Part Number PartNum0
[Memory Device Mapped Address (Type 20) - Length 19 - Handle 0034h]
Starting Address 00000000h
Ending Address 001fffffh
Memory Device Handle 0033h
Mem Array Mapped Adr Handle 0032h
Partition Row Position 01
Interleave Position [None]
Interleave Data Depth 01
[Memory Device (Type 17) - Length 27 - Handle 0035h]
Physical Memory Array Handle 0031h
Memory Error Info Handle [Not Provided]
Total Width [Unknown]
Data Width 64 bits
Size [Not Populated]
Form Factor 01h - Other
Device Set [None]
Device Locator DIMM1
Bank Locator BANK1
Memory Type 02h - Unknown
Type Detail 0000h -
Speed 0MHz
Manufacturer Manufacturer1
Serial Number
Asset Tag Number
Part Number PartNum1
[Memory Device (Type 17) - Length 27 - Handle 0037h]
Physical Memory Array Handle 0031h
Memory Error Info Handle [Not Provided]
Total Width 64 bits
Data Width 64 bits
Size 2048MB
Form Factor 09h - DIMM
Device Set [None]
Device Locator DIMM2
Bank Locator BANK2
Memory Type 13h - Specification Reserved
Type Detail 0080h - Synchronous
Speed 800MHz
Manufacturer Manufacturer2
Serial Number
Asset Tag Number
Part Number PartNum2
[Memory Device Mapped Address (Type 20) - Length 19 - Handle 0038h]
Starting Address 00200000h
Ending Address 003fffffh
Memory Device Handle 0037h
Mem Array Mapped Adr Handle 0032h
Partition Row Position 01
Interleave Position [None]
Interleave Data Depth 01
[Memory Device (Type 17) - Length 27 - Handle 0039h]
Physical Memory Array Handle 0031h
Memory Error Info Handle [Not Provided]
Total Width [Unknown]
Data Width 64 bits
Size [Not Populated]
Form Factor 01h - Other
Device Set [None]
Device Locator DIMM3
Bank Locator BANK3
Memory Type 02h - Unknown
Type Detail 0000h -
Speed 0MHz
Manufacturer Manufacturer3
Serial Number
Asset Tag Number
Part Number PartNum3
Kod:
Microsoft (R) Windows Debugger Version 6.12.0002.633 X86
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C: \Users\user\Desktop\bsody\22\dump\Minidump\102912-23150-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: symsrv*symsrv.dll*c: \symb*http: //msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.17944.amd64fre.win7sp1_gdr.120830-0333
Machine Name:
Kernel base = 0xfffff800`0400f000 PsLoadedModuleList = 0xfffff800`04253670
Debug session time: Mon Oct 29 18: 43: 13.389 2012 (UTC + 1: 00)
System Uptime: 0 days 0: 01: 12.168
Loading Kernel Symbols
...............................................................
................................................................
...............................................
Loading User Symbols
Loading unloaded module list
....
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 3B, {c0000005, fffff88001269f50, fffff8800680cd60, 0}
Probably caused by : Ntfs.sys ( Ntfs!memset+80 )
Followup: MachineOwner
---------
0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
SYSTEM_SERVICE_EXCEPTION (3b)
An exception happened while executing a system service routine.
Arguments:
Arg1: 00000000c0000005, Exception code that caused the bugcheck
Arg2: fffff88001269f50, Address of the instruction which caused the bugcheck
Arg3: fffff8800680cd60, Address of the context record for the exception that caused the bugcheck
Arg4: 0000000000000000, zero.
Debugging Details:
------------------
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - Instrukcja spod 0x%08lx odwo
FAULTING_IP:
Ntfs!memset+80
fffff880`01269f50 488911 mov qword ptr [rcx],rdx
CONTEXT: fffff8800680cd60 -- (.cxr 0xfffff8800680cd60)
rax=0000000000000000 rbx=0000000000011000 rcx=0000000000000000
rdx=0000000000000000 rsi=0000000000000000 rdi=fffff8800680d7d8
rip=fffff88001269f50 rsp=fffff8800680d748 rbp=fffff8800680db1c
r8=0000000000000018 r9=0000000000000005 r10=fffffa800477f030
r11=fffff880012f5de0 r12=0000000000000000 r13=0000000000000001
r14=fffff8800680d7d8 r15=000000000680d7d8
iopl=0 nv up ei ng nz na po cy
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010287
Ntfs!memset+0x80:
fffff880`01269f50 488911 mov qword ptr [rcx],rdx ds: 002b: 00000000`00000000=?
Resetting default scope
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0x3B
PROCESS_NAME: svchost.exe
CURRENT_IRQL: 0
LAST_CONTROL_TRANSFER: from 0000000000000000 to fffff88001269f50
STACK_TEXT:
fffff880`0680d748 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : Ntfs!memset+0x80
FOLLOWUP_IP:
Ntfs!memset+80
fffff880`01269f50 488911 mov qword ptr [rcx],rdx
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: Ntfs!memset+80
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: Ntfs
IMAGE_NAME: Ntfs.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 5040d4c6
STACK_COMMAND: .cxr 0xfffff8800680cd60 ; kb
FAILURE_BUCKET_ID: X64_0x3B_Ntfs!memset+80
BUCKET_ID: X64_0x3B_Ntfs!memset+80
Followup: MachineOwner
---------
Kod:
Microsoft (R) Windows Debugger Version 6.12.0002.633 X86
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C: \Users\user\Desktop\bsody\22\dump\Minidump\102912-22713-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: symsrv*symsrv.dll*c: \symb*http: //msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.17944.amd64fre.win7sp1_gdr.120830-0333
Machine Name:
Kernel base = 0xfffff800`0401b000 PsLoadedModuleList = 0xfffff800`0425f670
Debug session time: Mon Oct 29 18: 48: 38.813 2012 (UTC + 1: 00)
System Uptime: 0 days 0: 01: 51.592
Loading Kernel Symbols
...............................................................
................................................................
...............................................
Loading User Symbols
Loading unloaded module list
....
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck A, {ffffffffba0f0000, 2, 0, fffff8000419beaf}
Probably caused by : hardware ( nt!EtwTraceContextSwap+6f )
Followup: MachineOwner
---------
2: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: ffffffffba0f0000, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000000, bitfield :
bit 0 : value 0 = read operation, 1 = write operation
bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: fffff8000419beaf, address which referenced memory
Debugging Details:
------------------
READ_ADDRESS: GetPointerFromAddress: unable to read from fffff800042c9100
ffffffffba0f0000
CURRENT_IRQL: 2
FAULTING_IP:
nt!EtwTraceContextSwap+6f
fffff800`0419beaf 84840000000fba test byte ptr [rax+rax-45F10000h],al
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0xA
PROCESS_NAME: System
TRAP_FRAME: fffff88002f8bb50 -- (.trap 0xfffff88002f8bb50)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000000 rbx=0000000000000000 rcx=fffffa8008e571cf
rdx=fffff88002f6dfc0 rsi=0000000000000000 rdi=0000000000000000
rip=fffff8000419beaf rsp=fffff88002f8bce0 rbp=fffff88002f8bdb0
r8=fffffa80036eb0c8 r9=0000000000000000 r10=fffffffffffffffb
r11=fffff88002f63180 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei ng nz na pe nc
nt!EtwTraceContextSwap+0x6f:
fffff800`0419beaf 84840000000fba test byte ptr [rax+rax-45F10000h],al ds: bc98: ffffffff`ba0f0000=?
Resetting default scope
MISALIGNED_IP:
nt!EtwTraceContextSwap+6f
fffff800`0419beaf 84840000000fba test byte ptr [rax+rax-45F10000h],al
LAST_CONTROL_TRANSFER: from fffff80004099569 to fffff80004099fc0
STACK_TEXT:
fffff880`02f8ba08 fffff800`04099569 : 00000000`0000000a ffffffff`ba0f0000 00000000`00000002 00000000`00000000 : nt!KeBugCheckEx
fffff880`02f8ba10 fffff800`040981e0 : 00000000`07fcccba 00000000`00013750 fffff880`02f8bcc0 fffff880`02f63180 : nt!KiBugCheckDispatch+0x69
fffff880`02f8bb50 fffff800`0419beaf : 00000000`0f40f770 fffff880`02f6dfc0 fffffa80`041dbd40 400000c2`400000c1 : nt!KiPageFault+0x260
fffff880`02f8bce0 fffff800`0409d387 : fffff880`00000002 fffff880`02f63180 fffff880`02f8bdb0 fffff880`02f6dfc0 : nt!EtwTraceContextSwap+0x6f
fffff880`02f8bd40 fffff800`04091d7d : fffff880`02f63180 fffff880`00000000 00000000`00000000 fffff880`010ccf5c : nt!SwapContext_PatchXRstor+0x103
fffff880`02f8bd80 00000000`00000000 : fffff880`02f8c000 fffff880`02f86000 fffff880`02f8bd40 00000000`00000000 : nt!KiIdleLoop+0x10d
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!EtwTraceContextSwap+6f
fffff800`0419beaf 84840000000fba test byte ptr [rax+rax-45F10000h],al
SYMBOL_STACK_INDEX: 3
SYMBOL_NAME: nt!EtwTraceContextSwap+6f
FOLLOWUP_NAME: MachineOwner
IMAGE_NAME: hardware
DEBUG_FLR_IMAGE_TIMESTAMP: 0
MODULE_NAME: hardware
FAILURE_BUCKET_ID: X64_IP_MISALIGNED
BUCKET_ID: X64_IP_MISALIGNED
Followup: MachineOwner
---------
Kod:
Microsoft (R) Windows Debugger Version 6.12.0002.633 X86
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C: \Users\user\Desktop\bsody\22\dump\Minidump\101912-45396-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: symsrv*symsrv.dll*c: \symb*http: //msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.17944.amd64fre.win7sp1_gdr.120830-0333
Machine Name:
Kernel base = 0xfffff800`03e0b000 PsLoadedModuleList = 0xfffff800`0404f670
Debug session time: Fri Oct 19 11: 09: 30.187 2012 (UTC + 1: 00)
System Uptime: 0 days 0: 00: 21.576
Loading Kernel Symbols
...............................................................
.........................................................
Loading User Symbols
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck DA, {500, fffff6fc40021b90, 20, 4372}
Probably caused by : rdyboost.sys ( rdyboost!SmFpAllocate+4f )
Followup: MachineOwner
---------
2: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
SYSTEM_PTE_MISUSE (da)
The stack trace identifies the guilty driver.
Arguments:
Arg1: 0000000000000500, Type of error.
Arg2: fffff6fc40021b90
Arg3: 0000000000000020
Arg4: 0000000000004372
Debugging Details:
------------------
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0xDA
PROCESS_NAME: System
CURRENT_IRQL: 2
LAST_CONTROL_TRANSFER: from fffff80003ee32b3 to fffff80003e89fc0
STACK_TEXT:
fffff880`0379a848 fffff800`03ee32b3 : 00000000`000000da 00000000`00000500 fffff6fc`40021b90 00000000`00000020 : nt!KeBugCheckEx
fffff880`0379a850 fffff800`03e8f024 : 00000000`0000007c fffff800`04036f60 00000000`00000000 00000000`00000000 : nt! ? : FNODOBFM: `string'+0xb3aa
fffff880`0379a960 fffff800`03ea4cbb : fffff880`00000000 fffff800`040377a8 00004fa2`00001356 00000000`00001356 : nt!MiEmptyPteBins+0x10d
fffff880`0379a9b0 fffff880`0141aebf : fffffa80`0623f700 fffff800`00004fe5 00000000`00000001 fffffa80`04729fa0 : nt!MmMapLockedPagesSpecifyCache+0x74c
fffff880`0379aa80 fffff880`01405005 : fffffa80`04729118 fffff880`01412519 fffffa80`0623f700 fffff880`04fe0000 : rdyboost!SmFpAllocate+0x4f
fffff880`0379aad0 fffff880`014123da : fffffa80`04729118 fffffa80`04729118 fffff880`037983e0 fffffa80`04729118 : rdyboost!ST_STORE<SMD_TRAITS>: StDmCurrentRegionSet+0xcd
fffff880`0379ab30 fffff880`0141059e : fffffa80`04729118 00000000`0000000f 00000000`0000000f 00000000`00000180 : rdyboost!ST_STORE<SMD_TRAITS>: StDmpSinglePageFindSpace+0x4a
fffff880`0379ab60 fffff880`0140f773 : fffffa80`05ccc0d0 fffffa80`06249040 00000000`00000000 fffffa80`04729118 : rdyboost!ST_STORE<SMD_TRAITS>: StDmpSinglePageAdd+0x2e
fffff880`0379ac20 fffff880`0140f62e : fffffa80`05ccc0d0 fffff880`0000f000 00000000`00000080 00000000`0000000f : rdyboost!ST_STORE<SMD_TRAITS>: StDmPageAdd+0xe3
fffff880`0379ac80 fffff880`0140e41a : fffffa80`05ccc0d0 00000000`00000080 00000000`00000080 fffffa80`04729f88 : rdyboost!ST_STORE<SMD_TRAITS>: StWorkItemProcess+0x23a
fffff880`0379ace0 fffff800`04120e5a : 00000000`00000000 fffff880`00000000 fffffa80`04719b50 fffffa80`036f5040 : rdyboost!SMKM_STORE<SMD_TRAITS>: SmStWorker+0x152
fffff880`0379ad40 fffff800`03e7ad26 : fffff880`02f63180 fffffa80`04719b50 fffff880`02f6dfc0 00000000`00000000 : nt!PspSystemThreadStartup+0x5a
fffff880`0379ad80 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KxStartSystemThread+0x16
STACK_COMMAND: kb
FOLLOWUP_IP:
rdyboost!SmFpAllocate+4f
fffff880`0141aebf eb21 jmp rdyboost!SmFpAllocate+0x72 (fffff880`0141aee2)
SYMBOL_STACK_INDEX: 4
SYMBOL_NAME: rdyboost!SmFpAllocate+4f
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: rdyboost
IMAGE_NAME: rdyboost.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 4ce7982e
FAILURE_BUCKET_ID: X64_0xDA_rdyboost!SmFpAllocate+4f
BUCKET_ID: X64_0xDA_rdyboost!SmFpAllocate+4f
Followup: MachineOwner
---------
Kod:
Microsoft (R) Windows Debugger Version 6.12.0002.633 X86
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C: \Users\user\Desktop\bsody\22\dump\Minidump\102912-21855-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: symsrv*symsrv.dll*c: \symb*http: //msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.17944.amd64fre.win7sp1_gdr.120830-0333
Machine Name:
Kernel base = 0xfffff800`0405b000 PsLoadedModuleList = 0xfffff800`0429f670
Debug session time: Mon Oct 29 16: 41: 38.261 2012 (UTC + 1: 00)
System Uptime: 0 days 0: 04: 13.635
Loading Kernel Symbols
...............................................................
................................................................
.................................................
Loading User Symbols
Loading unloaded module list
....
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 19, {3, fffff80004261750, fffff80004261750, fffff80004261770}
Probably caused by : Pool_Corruption ( nt!ExDeferredFreePool+a53 )
Followup: Pool_corruption
---------
1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
BAD_POOL_HEADER (19)
The pool is already corrupt at the time of the current request.
This may or may not be due to the caller.
The internal pool links must be walked to figure out a possible cause of
the problem, and then special pool applied to the suspect tags or the driver
verifier to a suspect driver.
Arguments:
Arg1: 0000000000000003, the pool freelist is corrupt.
Arg2: fffff80004261750, the pool entry being checked.
Arg3: fffff80004261750, the read back flink freelist value (should be the same as 2).
Arg4: fffff80004261770, the read back blink freelist value (should be the same as 2).
Debugging Details:
------------------
BUGCHECK_STR: 0x19_3
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
PROCESS_NAME: vmware-authd.e
CURRENT_IRQL: 2
LAST_CONTROL_TRANSFER: from fffff800042044b3 to fffff800040d9fc0
STACK_TEXT:
fffff880`0a31bf78 fffff800`042044b3 : 00000000`00000019 00000000`00000003 fffff800`04261750 fffff800`04261750 : nt!KeBugCheckEx
fffff880`0a31bf80 fffff880`016fc6be : 00000000`00000000 00000000`00000011 00000000`00000000 00000000`00000000 : nt!ExDeferredFreePool+0xa53
fffff880`0a31c070 fffff880`01677193 : fffffa80`05ce71a0 fffffa80`05ce71a0 00000000`00000000 00000000`00000000 : ndis!ndisQueueRequestWorkItem+0x5e
fffff880`0a31c0d0 fffff880`017326fe : fffffa80`05fbf000 fffff880`0a31c290 00000000`00000000 00000000`fc01020a : ndis!ndisQueueRequestOnTop+0x3a3
fffff880`0a31c170 fffff880`018804cf : 00000000`00000000 fffff8a0`00000006 00000000`00000000 fffff800`040ebf00 : ndis!ndisMOidRequest+0xde
fffff880`0a31c260 fffff880`018805ec : 00000000`00000000 fffff880`0a31c440 00000000`00000040 ffffe028`9627199f : tcpip!FlpNdisRequestUnderReference+0x9f
fffff880`0a31c3d0 fffff880`0184f983 : 00000000`00000000 00000000`fc01020a fffffa80`05fbe670 00000000`00000000 : tcpip!FlQueryInterface+0x8c
fffff880`0a31c420 fffff880`018502ad : fffffa80`05fbe670 fffff880`0a31c610 fffff880`0a31c510 fffff880`01969800 : tcpip!IppQueryInterfaceProperty+0x73
fffff880`0a31c470 fffff880`0185016e : fffff880`00000040 fffffa80`05fbe670 00000000`00000004 fffff880`0a31c590 : tcpip!IppAddInterfaceStats+0x7d
fffff880`0a31c4f0 fffff880`0184fecd : 00830000`05000000 fffff880`01969800 00000000`00000004 00000000`00000003 : tcpip!IppAddGlobalOffloadStatistics+0xb6
fffff880`0a31c560 fffff880`0176cc08 : 00000000`00000000 fffff880`017b4358 fffffa80`07dfd658 fffffa80`045e4940 : tcpip!IpGetAllGlobalParameters+0x51d
fffff880`0a31c6a0 fffff880`041a59d6 : fffff880`0a31c900 fffffa80`045e4940 fffffa80`07dfd5f0 fffff880`0a31c900 : NETIO!NsiGetAllParametersEx+0x258
fffff880`0a31c7b0 fffff880`041a7902 : fffffa80`066970e0 fffffa80`066970e0 00000000`00000000 fffffa80`06697048 : nsiproxy!NsippGetAllParameters+0x2b2
fffff880`0a31c9a0 fffff880`041a79db : fffffa80`05b2b550 00000000`00000000 00000000`00000001 00000000`00000003 : nsiproxy!NsippDispatchDeviceControl+0x8a
fffff880`0a31c9e0 fffff800`043f0687 : fffffa80`061b4f20 fffffa80`061b4f20 fffffa80`06697128 fffffa80`06697010 : nsiproxy!NsippDispatch+0x4b
fffff880`0a31ca10 fffff800`043f0ee6 : 00000000`0244e758 00000000`000005c4 00000000`00000001 00000000`00000000 : nt!IopXxxControlFile+0x607
fffff880`0a31cb40 fffff800`040d9253 : fffffa80`07951060 00000000`0244e6f8 fffff880`0a31cbc8 00000000`00000001 : nt!NtDeviceIoControlFile+0x56
fffff880`0a31cbb0 00000000`755f2e09 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`0244f008 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x755f2e09
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!ExDeferredFreePool+a53
fffff800`042044b3 cc int 3
SYMBOL_STACK_INDEX: 1
SYMBOL_NAME: nt!ExDeferredFreePool+a53
FOLLOWUP_NAME: Pool_corruption
IMAGE_NAME: Pool_Corruption
DEBUG_FLR_IMAGE_TIMESTAMP: 0
MODULE_NAME: Pool_Corruption
FAILURE_BUCKET_ID: X64_0x19_3_nt!ExDeferredFreePool+a53
BUCKET_ID: X64_0x19_3_nt!ExDeferredFreePool+a53
Followup: Pool_corruption
---------
Kod:
Microsoft (R) Windows Debugger Version 6.12.0002.633 X86
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C: \Users\user\Desktop\bsody\22\dump\Minidump\102812-29062-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: symsrv*symsrv.dll*c: \symb*http: //msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.17944.amd64fre.win7sp1_gdr.120830-0333
Machine Name:
Kernel base = 0xfffff800`04007000 PsLoadedModuleList = 0xfffff800`0424b670
Debug session time: Sun Oct 28 14: 04: 42.587 2012 (UTC + 1: 00)
System Uptime: 0 days 0: 00: 40.366
Loading Kernel Symbols
...............................................................
................................................................
..................................................
Loading User Symbols
Loading unloaded module list
....
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck C4, {f6, 4, fffffa8007da8060, fffff88008e01772}
Unable to load image \?\C: \Program Files (x86)\CyberLink\PowerDVD\000.fcl, Win32 error 0n2
*** WARNING: Unable to verify timestamp for 000.fcl
*** ERROR: Module load completed but symbols could not be loaded for 000.fcl
Probably caused by : 000.fcl ( 000+1772 )
Followup: MachineOwner
---------
2: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
DRIVER_VERIFIER_DETECTED_VIOLATION (c4)
A device driver attempting to corrupt the system has been caught. This is
because the driver was specified in the registry as being suspect (by the
administrator) and the kernel has enabled substantial checking of this driver.
If the driver attempts to corrupt the system, bugchecks 0xC4, 0xC1 and 0xA will
be among the most commonly seen crashes.
Arguments:
Arg1: 00000000000000f6, Referencing user handle as KernelMode.
Arg2: 0000000000000004, Handle value being referenced.
Arg3: fffffa8007da8060, Address of the current process.
Arg4: fffff88008e01772, Address inside the driver that is performing the incorrect reference.
Debugging Details:
------------------
BUGCHECK_STR: 0xc4_f6
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VERIFIER_ENABLED_VISTA_MINIDUMP
PROCESS_NAME: WmiPrvSE.exe
CURRENT_IRQL: 0
LAST_CONTROL_TRANSFER: from fffff8000450c3dc to fffff80004085fc0
STACK_TEXT:
fffff880`0949a478 fffff800`0450c3dc : 00000000`000000c4 00000000`000000f6 00000000`00000004 fffffa80`07da8060 : nt!KeBugCheckEx
fffff880`0949a480 fffff800`04521ae4 : 00000000`00000004 fffffa80`07da8060 00000000`00000002 00000000`00000000 : nt!VerifierBugCheckIfAppropriate+0x3c
fffff880`0949a4c0 fffff800`043bfbf5 : fffff6fb`7e200040 00000000`00000004 fffff880`0949a650 fffff800`0422cd30 : nt!VfCheckUserHandle+0x1b4
fffff880`0949a5a0 fffff800`04085253 : fffffa80`07dbe060 00000000`00000000 fffff6fb`7dbf1400 fffff880`0949a6a0 : nt! ? : NNGAKEGL: `string'+0x23055
fffff880`0949a5d0 fffff800`04081810 : fffff880`08e01772 fffffa80`07db0da0 fffff800`0422cd30 fffff800`0422cd30 : nt!KiSystemServiceCopyEnd+0x13
fffff880`0949a768 fffff880`08e01772 : fffffa80`07db0da0 fffff800`0422cd30 fffff800`0422cd30 00000000`00000000 : nt!KiServiceLinkage
fffff880`0949a770 fffffa80`07db0da0 : fffff800`0422cd30 fffff800`0422cd30 00000000`00000000 00000000`00000005 : 000+0x1772
fffff880`0949a778 fffff800`0422cd30 : fffff800`0422cd30 00000000`00000000 00000000`00000005 fffff880`00000000 : 0xfffffa80`07db0da0
fffff880`0949a780 fffff800`0422cd30 : 00000000`00000000 00000000`00000005 fffff880`00000000 00000000`00000000 : nt!PspLoadImageNotifyRoutine+0x10
fffff880`0949a788 00000000`00000000 : 00000000`00000005 fffff880`00000000 00000000`00000000 00000000`00000018 : nt!PspLoadImageNotifyRoutine+0x10
STACK_COMMAND: kb
FOLLOWUP_IP:
000+1772
fffff880`08e01772 85db test ebx,ebx
SYMBOL_STACK_INDEX: 6
SYMBOL_NAME: 000+1772
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: 000
IMAGE_NAME: 000.fcl
DEBUG_FLR_IMAGE_TIMESTAMP: 4705a5da
FAILURE_BUCKET_ID: X64_0xc4_f6_VRF_000+1772
BUCKET_ID: X64_0xc4_f6_VRF_000+1772
Followup: MachineOwner
---------
RE: BSOD 5 minut po uruchomieniu komputera - thermalfake - 01.11.2012 17:10
Kod:
Microsoft (R) Windows Debugger Version 6.12.0002.633 X86
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C: \Users\user\Desktop\bsody\22\dump\Minidump\102812-21106-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: symsrv*symsrv.dll*c: \symb*http: //msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.17944.amd64fre.win7sp1_gdr.120830-0333
Machine Name:
Kernel base = 0xfffff800`04003000 PsLoadedModuleList = 0xfffff800`04247670
Debug session time: Sun Oct 28 12: 32: 29.383 2012 (UTC + 1: 00)
System Uptime: 0 days 0: 04: 57.772
Loading Kernel Symbols
...............................................................
................................................................
......................................................
Loading User Symbols
Loading unloaded module list
....
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck A, {2b, 2, 0, fffff80004088e20}
Probably caused by : win32k.sys ( win32k!xxxRealSleepThread+257 )
Followup: MachineOwner
---------
1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: 000000000000002b, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000000, bitfield :
bit 0 : value 0 = read operation, 1 = write operation
bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: fffff80004088e20, address which referenced memory
Debugging Details:
------------------
READ_ADDRESS: GetPointerFromAddress: unable to read from fffff800042b1100
000000000000002b
CURRENT_IRQL: 2
FAULTING_IP:
nt!KeWaitForSingleObject+230
fffff800`04088e20 498b0e mov rcx,qword ptr [r14]
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0xA
PROCESS_NAME: firefox.exe
TRAP_FRAME: fffff8800aac3980 -- (.trap 0xfffff8800aac3980)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000004a8f rbx=0000000000000000 rcx=0000000000000002
rdx=000000000000000d rsi=0000000000000000 rdi=0000000000000000
rip=fffff80004088e20 rsp=fffff8800aac3b10 rbp=0000000000000000
r8=0000000000000000 r9=0000000000000000 r10=0000000000000001
r11=fffffa8007682750 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl nz na po nc
nt!KeWaitForSingleObject+0x230:
fffff800`04088e20 498b0e mov rcx,qword ptr [r14] ds: 00000000`00000000=???
Resetting default scope
LAST_CONTROL_TRANSFER: from fffff80004081569 to fffff80004081fc0
STACK_TEXT:
fffff880`0aac3838 fffff800`04081569 : 00000000`0000000a 00000000`0000002b 00000000`00000002 00000000`00000000 : nt!KeBugCheckEx
fffff880`0aac3840 fffff800`040801e0 : fffff900`c06cb870 00000000`00000000 00000000`76d0b500 00000000`0000002b : nt!KiBugCheckDispatch+0x69
fffff880`0aac3980 fffff800`04088e20 : fffff900`c06cb870 fffff960`0013d43d fffff900`c06cb800 fffff800`0000000d : nt!KiPageFault+0x260
fffff880`0aac3b10 fffff960`0013d417 : fffff900`c06cb800 fffff960`0000000d 00000000`00000001 00000000`00000000 : nt!KeWaitForSingleObject+0x230
fffff880`0aac3bb0 00001fa1`02010000 : 00000000`07f5cf10 00000000`74952e09 00000000`00000000 00000000`0000002b : win32k!xxxRealSleepThread+0x257
fffff880`0aac3c50 00000000`07f5cf10 : 00000000`74952e09 00000000`00000000 00000000`0000002b 00000000`7606f5be : 0x1fa1`02010000
fffff880`0aac3c58 00000000`74952e09 : 00000000`00000000 00000000`0000002b 00000000`7606f5be 00000000`00000000 : 0x7f5cf10
fffff880`0aac3c60 00000000`00000000 : 00000000`0000002b 00000000`7606f5be 00000000`00000000 00000000`00200246 : 0x74952e09
STACK_COMMAND: kb
FOLLOWUP_IP:
win32k!xxxRealSleepThread+257
fffff960`0013d417 448be8 mov r13d,eax
SYMBOL_STACK_INDEX: 4
SYMBOL_NAME: win32k!xxxRealSleepThread+257
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: win32k
IMAGE_NAME: win32k.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 5006fd0d
FAILURE_BUCKET_ID: X64_0xA_win32k!xxxRealSleepThread+257
BUCKET_ID: X64_0xA_win32k!xxxRealSleepThread+257
Followup: MachineOwner
---------
Kod:
Microsoft (R) Windows Debugger Version 6.12.0002.633 X86
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C: \Users\user\Desktop\bsody\22\dump\Minidump\102712-21418-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: symsrv*symsrv.dll*c: \symb*http: //msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.17944.amd64fre.win7sp1_gdr.120830-0333
Machine Name:
Kernel base = 0xfffff800`04050000 PsLoadedModuleList = 0xfffff800`04294670
Debug session time: Sat Oct 27 12: 10: 04.208 2012 (UTC + 1: 00)
System Uptime: 0 days 0: 04: 16.988
Loading Kernel Symbols
...............................................................
................................................................
......................................................
Loading User Symbols
Loading unloaded module list
....
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 19, {3, fffff8a00e0060a0, fffff8a00e006080, fffff8a00e0060a0}
Probably caused by : Pool_Corruption ( nt!ExDeferredFreePool+cbb )
Followup: Pool_corruption
---------
3: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
BAD_POOL_HEADER (19)
The pool is already corrupt at the time of the current request.
This may or may not be due to the caller.
The internal pool links must be walked to figure out a possible cause of
the problem, and then special pool applied to the suspect tags or the driver
verifier to a suspect driver.
Arguments:
Arg1: 0000000000000003, the pool freelist is corrupt.
Arg2: fffff8a00e0060a0, the pool entry being checked.
Arg3: fffff8a00e006080, the read back flink freelist value (should be the same as 2).
Arg4: fffff8a00e0060a0, the read back blink freelist value (should be the same as 2).
Debugging Details:
------------------
BUGCHECK_STR: 0x19_3
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
PROCESS_NAME: System
CURRENT_IRQL: 0
LAST_CONTROL_TRANSFER: from fffff800041f970f to fffff800040cefc0
STACK_TEXT:
fffff880`031afa78 fffff800`041f970f : 00000000`00000019 00000000`00000003 fffff8a0`0e0060a0 fffff8a0`0e006080 : nt!KeBugCheckEx
fffff880`031afa80 fffff800`041fb1a1 : fffff800`043c1560 fffff8a0`0dff8760 fffffa80`036e4b50 fffff880`02f63180 : nt!ExDeferredFreePool+0xcbb
fffff880`031afb10 fffff800`043b012c : fffff800`042cc600 00000000`00000000 00000000`624e4d43 00000000`00000000 : nt!ExFreePoolWithTag+0x411
fffff880`031afbc0 fffff800`043b01c0 : fffff8a0`0366ccc0 00000000`d108d2f0 fffff8a0`007c5010 ffffffff`ffffffff : nt!CmpDereferenceNameControlBlockWithLock+0xdc
fffff880`031afbf0 fffff800`043901ef : fffff8a0`0366ccc0 fffff800`043ae730 fffff800`624e4d43 fffff800`00000000 : nt!CmpCleanUpKcbCacheWithLock+0x34
fffff880`031afc20 fffff800`043ae921 : fffff8a0`0366ccc0 00000000`ff2221a7 fffff8a0`007c5010 00000000`00000000 : nt!CmpDereferenceKeyControlBlockWithLock+0x13f
fffff880`031afc50 fffff800`040d8641 : fffff800`0426c2d8 fffffa80`036e4b50 00000000`00000000 00000000`00000000 : nt!CmpDelayDerefKCBWorker+0x1f1
fffff880`031afcb0 fffff800`04365e5a : ffffbf3f`fdfff5ff fffffa80`036e4b50 00000000`00000080 fffffa80`036ce040 : nt!ExpWorkerThread+0x111
fffff880`031afd40 fffff800`040bfd26 : fffff880`02f63180 fffffa80`036e4b50 fffff880`02f6dfc0 fdffbfff`3fffe77f : nt!PspSystemThreadStartup+0x5a
fffff880`031afd80 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KxStartSystemThread+0x16
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!ExDeferredFreePool+cbb
fffff800`041f970f cc int 3
SYMBOL_STACK_INDEX: 1
SYMBOL_NAME: nt!ExDeferredFreePool+cbb
FOLLOWUP_NAME: Pool_corruption
IMAGE_NAME: Pool_Corruption
DEBUG_FLR_IMAGE_TIMESTAMP: 0
MODULE_NAME: Pool_Corruption
FAILURE_BUCKET_ID: X64_0x19_3_nt!ExDeferredFreePool+cbb
BUCKET_ID: X64_0x19_3_nt!ExDeferredFreePool+cbb
Followup: Pool_corruption
---------
RE: BSOD 5 minut po uruchomieniu komputera - Wojtek.wk - 02.11.2012 13:09
(01.11.2012 15:46)thermalfake napisał(a): Pokręciłeś pliki
c:\Windows\System32\winevt\Logs\system.evtx a nie setup.evtx
Najmocniej przepraszam za pomyłkę, już wrzucam właściwy plik - ponieważ nie mieści się w załączniku, wrzucam go na Dropboxa: https://dl.dropbox.com/u/74280466/System.evtx.zip
Dzięki za pomoc!
|