BthA2DP.sys BugCheck

OS: Windows 8.1 x64
Steps to reproduce:
Connect Bluetooth Headphones, etc
Start 32 Bit WDM/KS audio output stream on BT device
Start any other BT output stream using the Global Audio Engine, e.g. by clicking on the System Tray Volume Slider control, WMP playback, ...
Kabooom!
Also "works" the other way around:
Run BT audio e.g. through WMP
Try to create BT pin instance from 32 Bit App -> KsCreatePin()
Bang!
A piece of user mode code with Guest account "privileges" is all it takes, in order to DOS the system this way.

Can you send me C:\windows\memory.dmp? Email me (mateer at microsoft dot com) and I'll send you a link to upload.
Matthew van Eerde

Similar Messages

Driver not or less equal.

Hey together,
my system crashes with the error Driver IRQL not less or equal when I start the PC. The system then reboots (automatically) and starts then without an error. It is always the first time, when I start the PC. I have a link to a crashdump here: dropbox.com/s/ihmewzhhwiodgvu/error-dumps.zip
Sorry for my bad english (I'm from Germany).
Thank you for your help!

H
You had athw8x.sys, and you installed athwbx.sys. Looks like the wrong driver.
These 2 still related to the same driver
Microsoft (R) Windows Debugger Version 6.3.9600.16384 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Users\Ken\Desktop\031614-7421-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
************* Symbol Path validation summary **************
Response Time (ms) Location
Deferred SRV*H:\symbols*http://msdl.microsoft.com/download/symbols
Symbol search path is: SRV*H:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 8 Kernel Version 9600 MP (8 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 9600.16452.amd64fre.winblue_gdr.131030-1505
Machine Name:
Kernel base = 0xfffff801`03413000 PsLoadedModuleList = 0xfffff801`036d7990
Debug session time: Sun Mar 16 14:27:15.595 2014 (UTC - 4:00)
System Uptime: 0 days 0:00:59.315
Loading Kernel Symbols
Loading User Symbols
Loading unloaded module list
*** WARNING: Unable to verify timestamp for athwbx.sys
*** ERROR: Module load completed but symbols could not be loaded for athwbx.sys
* Bugcheck Analysis *
Use !analyze -v to get detailed debugging information.
BugCheck 1000007E, {ffffffffc0000005, fffff80002cc836a, ffffd00020ebe598, ffffd00020ebdda0}
Probably caused by : athwbx.sys ( athwbx+20036a )
Followup: MachineOwner
4: kd> !analyze -v
* Bugcheck Analysis *
SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M (1000007e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003. This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG. This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG. This will let us see why this breakpoint is
happening.
Arguments:
Arg1: ffffffffc0000005, The exception code that was not handled
Arg2: fffff80002cc836a, The address that the exception occurred at
Arg3: ffffd00020ebe598, Exception Record Address
Arg4: ffffd00020ebdda0, Context Record Address
Debugging Details:
OVERLAPPED_MODULE: Address regions for 'athwbx' and 'vwifibus.sys' overlap
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
FAULTING_IP:
athwbx+20036a
fffff800`02cc836a 488b08 mov rcx,qword ptr [rax]
EXCEPTION_RECORD: ffffd00020ebe598 -- (.exr 0xffffd00020ebe598)
ExceptionAddress: fffff80002cc836a (athwbx+0x000000000020036a)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 0000000000000000
Parameter[1]: 0000000000000000
Attempt to read from address 0000000000000000
CONTEXT: ffffd00020ebdda0 -- (.cxr 0xffffd00020ebdda0;r)
rax=0000000000000000 rbx=ffffe00004e00930 rcx=0000000000000000
rdx=0000000000000000 rsi=ffffe00002a29050 rdi=fffff80000b1505c
rip=fffff80002cc836a rsp=ffffd00020ebe7d0 rbp=0000000000000000
r8=fffff80002e594e0 r9=00000000000007ff r10=ffffd00020940000
r11=00000000000006d4 r12=0000000000000002 r13=fffff801036b21c0
r14=ffffe00004e00930 r15=fffff801036b2100
iopl=0 nv up ei ng nz na pe nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010282
athwbx+0x20036a:
fffff800`02cc836a 488b08 mov rcx,qword ptr [rax] ds:002b:00000000`00000000=????????????????
Last set context:
rax=0000000000000000 rbx=ffffe00004e00930 rcx=0000000000000000
rdx=0000000000000000 rsi=ffffe00002a29050 rdi=fffff80000b1505c
rip=fffff80002cc836a rsp=ffffd00020ebe7d0 rbp=0000000000000000
r8=fffff80002e594e0 r9=00000000000007ff r10=ffffd00020940000
r11=00000000000006d4 r12=0000000000000002 r13=fffff801036b21c0
r14=ffffe00004e00930 r15=fffff801036b2100
iopl=0 nv up ei ng nz na pe nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010282
athwbx+0x20036a:
fffff800`02cc836a 488b08 mov rcx,qword ptr [rax] ds:002b:00000000`00000000=????????????????
Resetting default scope
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: NULL_DEREFERENCE
PROCESS_NAME: System
CURRENT_IRQL: 0
ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
EXCEPTION_PARAMETER1: 0000000000000000
EXCEPTION_PARAMETER2: 0000000000000000
READ_ADDRESS: GetPointerFromAddress: unable to read from fffff80103760150
GetUlongFromAddress: unable to read from fffff80103760208
0000000000000000 Nonpaged pool
FOLLOWUP_IP:
athwbx+20036a
fffff800`02cc836a 488b08 mov rcx,qword ptr [rax]
BUGCHECK_STR: AV
ANALYSIS_VERSION: 6.3.9600.16384 (debuggers(dbg).130821-1623) amd64fre
LAST_CONTROL_TRANSFER: from ffffe00005a66270 to fffff80002cc836a
STACK_TEXT:
ffffd000`20ebe7d0 ffffe000`05a66270 : fffff800`02c4a3ca ffffe000`00000000 fffff800`02c53dd3 ffffe000`06a7e638 : athwbx+0x20036a
ffffd000`20ebe7d8 fffff800`02c4a3ca : ffffe000`00000000 fffff800`02c53dd3 ffffe000`06a7e638 fffff800`02cca52b : 0xffffe000`05a66270
ffffd000`20ebe7e0 ffffe000`00000000 : fffff800`02c53dd3 ffffe000`06a7e638 fffff800`02cca52b 00000000`00000000 : athwbx+0x1823ca
ffffd000`20ebe7e8 fffff800`02c53dd3 : ffffe000`06a7e638 fffff800`02cca52b 00000000`00000000 ffffe000`05a66270 : 0xffffe000`00000000
ffffd000`20ebe7f0 ffffe000`06a7e638 : fffff800`02cca52b 00000000`00000000 ffffe000`05a66270 00000000`00000000 : athwbx+0x18bdd3
ffffd000`20ebe7f8 fffff800`02cca52b : 00000000`00000000 ffffe000`05a66270 00000000`00000000 fffff800`02bb9893 : 0xffffe000`06a7e638
ffffd000`20ebe800 00000000`00000000 : ffffe000`05a66270 00000000`00000000 fffff800`02bb9893 ffffe000`00000001 : athwbx+0x20252b
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: athwbx+20036a
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: athwbx
IMAGE_NAME: athwbx.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 525fb1d9
STACK_COMMAND: .cxr 0xffffd00020ebdda0 ; kb
FAILURE_BUCKET_ID: AV_athwbx+20036a
BUCKET_ID: AV_athwbx+20036a
ANALYSIS_SOURCE: KM
FAILURE_ID_HASH_STRING: km:av_athwbx+20036a
FAILURE_ID_HASH: {6ec2dd92-0a67-d61c-dbbb-7dd24eea9892}
Followup: MachineOwner
Wanikiya and Dyami--Team Zigzag

Read & Applied Other Threads Win Still Fatally Crashes When Running iTunes

I updated all the drivers on the system to the latest from the manufacturer websites yesterday. I then installed and ran WinDbg it is telling me RtkHDAud.sys (R+k HDAud+179e98) is the culprit causing a double fault. When I disable Realtek High Definition Audio in Device Manager my PC runs all day no hitches. I can even open iTunes and have it run in the background without trouble BUT of course I can't hear anything. Soon as I enable the audio card and run iTunes the system won't stay up for more than four minutes sometimes less. I can run Winamp without trouble BUT I DON'T WANT TO ! I have my iTunes library on an external Western Digital USB Hard Disk Drive, maybe this is the problem? Any direction I could try would be greatly appreciated. Best solution I can think of at this point is to get a squeeze box and just take the sound card out? Here is the Mini Dump from WinDbg
| | |
Microsoft (R) Windows Debugger Version 6.9.0003.113 X86
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\WINDOWS\Minidump\Mini070808-04.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRVc:symbolshttp://msdl.microsoft.com/download/symbols
Executable search path is:
Windows XP Kernel Version 2600 (Service Pack 2) MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 2600.xpspsp2gdr.070227-2254
Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055c700
Debug session time: Tue Jul 8 16:02:57.578 2008 (GMT-4)
System Uptime: 0 days 0:05:30.294
Loading Kernel Symbols
Loading User Symbols
Loading unloaded module list
Unable to load image RtkHDAud.sys, Win32 error 0n2
* WARNING: Unable to verify timestamp for RtkHDAud.sys
* ERROR: Module load completed but symbols could not be loaded for RtkHDAud.sys
* Bugcheck Analysis *
Use !analyze -v to get detailed debugging information.
BugCheck 1000007F, {8, 80042000, 0, 0}
Probably caused by : RtkHDAud.sys ( RtkHDAud+179ea5 )
Followup: MachineOwner
0: kd> !analyze -v
* Bugcheck Analysis *
UNEXPECTEDKERNEL_MODE_TRAPM (1000007f)
This means a trap occurred in kernel mode, and it's a trap of a kind
that the kernel isn't allowed to have/catch (bound trap) or that
is always instant death (double fault). The first number in the
bugcheck params is the number of the trap (8 = double fault, etc)
Consult an Intel x86 family manual to learn more about what these
traps are. Here is a portion of those codes:
If kv shows a taskGate
use .tss on the part before the colon, then kv.
Else if kv shows a trapframe
use .trap on that value
Else
.trap on the appropriate frame will show where the trap was taken
(on x86, this will be the ebp that goes with the procedure KiTrap)
Endif
kb will then show the corrected stack.
Arguments:
Arg1: 00000008, EXCEPTIONDOUBLEFAULT
Arg2: 80042000
Arg3: 00000000
Arg4: 00000000
Debugging Details:
BUGCHECK_STR: 0x7f_8
CUSTOMERCRASHCOUNT: 4
DEFAULTBUCKETID: COMMONSYSTEMFAULT
PROCESS_NAME: iTunes.exe
LASTCONTROLTRANSFER: from 00000000 to ad1cfea5
STACK_TEXT:
ae1b3240 00000000 893b93c0 89231314 892316f4 RtkHDAud+0x179ea5
STACK_COMMAND: kb
FOLLOWUP_IP:
RtkHDAud+179ea5
ad1cfea5 3bce cmp ecx,esi
SYMBOLSTACKINDEX: 0
SYMBOL_NAME: RtkHDAud+179ea5
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: RtkHDAud
IMAGE_NAME: RtkHDAud.sys
DEBUGFLR_IMAGETIMESTAMP: 4333df59
FAILUREBUCKETID: 0x7f8RtkHDAud+179ea5
BUCKET_ID: 0x7f8RtkHDAud+179ea5
Followup: MachineOwner
---------

I haven't a clue about this but one thing I would suggest is to try running Quicktime and playing audio,
It is possible that Quicktime is the culprit not iTunes as iTunes uses QUicktime to play music.
If it is quicktime and you really have installed the latest High Definition audio driver, then it probably worth trying a complete removal of QUicktime according to the method in this article. It is important to remove the Quicktime files from the system32 folder as recommended in the article.
http://support.apple.com/kb/HT1925
Then download and install the stand alone version of Quicktime.
http://www.apple.com/quicktime/download/win.html
It might also be worth going to your QUicktime preferences audio tab and checking safe mode to see if that makes any difference.

BSOD when on Skype Video call

So I just recently started to get frequent BSODs when on a video call. I believe it has to do with my Logitech webcam, because I can Audio call (No video at all) with no problem, but if I turn on the camera, a few minutes later, i just randomly get the BSOD.
I do have this file from the last BSOD. I got it when in a game while video calling, but the error is the same, so I know it's not the games or anything.
=================================================================
Problem signature:
Problem Event Name: BlueScreen
OS Version: 6.1.7600.2.0.0.768.3
Locale ID: 1033
Additional information about the problem:
BCCode: 1000007e
BCP1: FFFFFFFFC0000005
BCP2: FFFFF88004BE561A
BCP3: FFFFF880033C4658
BCP4: FFFFF880033C3EC0
OS Version: 6_1_7600
Service Pack: 0_0
Product: 768_1
Files that help describe the problem:
C:\Windows\Minidump\010714-31855-01.dmp
C:\Users\Matt\AppData\Local\Temp\WER-86050-0.sysdata.xml
Read our privacy statement online:
http://go.microsoft.com/fwlink/?linkid=104288&clcid=0x0409
If the online privacy statement is not available, please read our privacy statement offline:
C:\Windows\system32\en-US\erofflps.txt
==================================================================
The .dmp file is here: https://skydrive.live.com/redir?resid=3533AA13C3B40212!107&authkey=!AJH3kGYMbTnw1jM&ithint=file%2c.dmp
I couldn't get it to open or anything, so I figured someone else could. I really need help here. I usually know my way around these issues but this one's got me stumped..
Thanks for any help possible. Really appreciate it.

Matthew
This one crash was Related to
stdriver64.sys stdriver.sys from NCH Software I would remove it at least to test.
You also have other drivers needing updating because you have not installed SP-1. You need to asap
Service pack 1 Update.
http://windows.microsoft.com/installwindows7sp1
Learn how to install Windows 7 Service Pack 1 (SP1)
http://windows.microsoft.com/en-US/windows7/learn-how-to-install-windows-7-service-pack-1-sp1
Additional Resources:
http://windows.microsoft.com/en-US/windows7/uninstall-sp1
http://windows.microsoft.com/troubleshootwindows7sp1
Microsoft (R) Windows Debugger Version 6.3.9600.16384 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Users\Ken\Desktop\010714-31855-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
************* Symbol Path validation summary **************
Response Time (ms) Location
Deferred SRV*H:\symbols*http://msdl.microsoft.com/download/symbols
Symbol search path is: SRV*H:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7600 MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 7600.17118.amd64fre.win7_gdr.120830-0334
Machine Name:
Kernel base = 0xfffff800`0360b000 PsLoadedModuleList = 0xfffff800`03847e70
Debug session time: Tue Jan 7 17:10:45.288 2014 (UTC - 5:00)
System Uptime: 0 days 0:31:08.334
Loading Kernel Symbols
*** WARNING: Unable to verify timestamp for stdriver64.sys
*** ERROR: Module load completed but symbols could not be loaded for stdriver64.sys
BugCheck 1000007E, {ffffffffc0000005, fffff88004be561a, fffff880033c4658, fffff880033c3ec0}
Probably caused by : stdriver64.sys ( stdriver64+261a )
Wanikiya and Dyami--Team Zigzag

Live Update Online

One of the main reasons I bought this MSI Motherboard (790FX-GD70), was because of the "Simple" bios update procedure. MSI still has the live update on-line on their site advertising like it's a great thing.
Is MSI doing false advertising? Is the newest version any better?
I have not tried to use it yet since reading all the problems here. I know you don't have to flash your bios, but why not have the latest one? I am having some memory problems and thought maybe the latest bios would help.
What is the real answer? Anyone know? If I contact MSI are they going to tell me their Live Update On-line works well?
Anyway, thanks for listening.
cusafr

Yes, I have been to the OCZ web site and have tried many different suggested settings. Last night my system froze in BIOS. Had to reboot and set like for the first time. This morning BSOD right after POST.
Did a memtest last night-no errors. Did a checkdisk test-no errors.
Currently have the 8GB (4x2) AMD Black Edition memory modules set at 8-8-8-24-2t.
Any ideas?
cusafr
Crash dump directory: C:\Windows\Minidump
Crash dumps are enabled on your computer.
On Sun 12/13/2009 7:54:55 PM your computer crashed
This was likely caused by the following module: ntfs.sys
Bugcheck code: 0x24 (0x1904FB, 0xFFFFF880082FB718, 0xFFFFF880082FAF70, 0xFFFFF880012B4E8F)
Error: NTFS_FILE_SYSTEM
Dump file: C:\Windows\Minidump\121309-13057-01.dmp
file path: C:\Windows\system32\drivers\ntfs.sys
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NT File System Driver
The crash took place in a standard Microsoft module. Your system configuration may be incorrect, possibly the culprit may be another driver on your system which cannot be identified at this time.
On Sun 12/13/2009 1:30:51 PM your computer crashed
This was likely caused by the following module: ntoskrnl.exe
Bugcheck code: 0x3B (0xC0000005, 0xFFFFF80002A6CA09, 0xFFFFF88009A83CD0, 0x0)
Error: SYSTEM_SERVICE_EXCEPTION
Dump file: C:\Windows\Minidump\121309-14118-01.dmp
file path: C:\Windows\system32\ntoskrnl.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NT Kernel & System
The crash took place in a standard Microsoft module. Your system configuration may be incorrect, possibly the culprit may be another driver on your system which cannot be identified at this time.
On Sat 12/12/2009 9:50:41 PM your computer crashed
This was likely caused by the following module: ntoskrnl.exe
Bugcheck code: 0xBE (0xFFFFF88001B41000, 0x800000021CA0A021, 0xFFFFF88006E7D970, 0xB)
Error: ATTEMPTED_WRITE_TO_READONLY_MEMORY
Dump file: C:\Windows\Minidump\121209-14757-01.dmp
file path: C:\Windows\system32\ntoskrnl.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NT Kernel & System
The crash took place in a standard Microsoft module. Your system configuration may be incorrect, possibly the culprit may be another driver on your system which cannot be identified at this time.
On Fri 12/11/2009 2:30:50 AM your computer crashed
This was likely caused by the following module: tvichw64.sys
Bugcheck code: 0xC4 (0xF6, 0x290, 0xFFFFFA80029011D0, 0xFFFFF8800890AB7A)
Error: DRIVER_VERIFIER_DETECTED_VIOLATION
Dump file: C:\Windows\Minidump\121009-20794-01.dmp
On Fri 12/11/2009 2:10:50 AM your computer crashed
This was likely caused by the following module: tvichw64.sys
Bugcheck code: 0xC4 (0xF6, 0x258, 0xFFFFFA8004D4BB30, 0xFFFFF8800A0C7B7A)
Error: DRIVER_VERIFIER_DETECTED_VIOLATION
Dump file: C:\Windows\Minidump\121009-22167-01.dmp
On Fri 12/11/2009 1:35:22 AM your computer crashed
This was likely caused by the following module: unknown_image
Bugcheck code: 0xC4 (0xF6, 0x290, 0xFFFFFA800508DB30, 0xFFFFF880099BCB7A)
Error: DRIVER_VERIFIER_DETECTED_VIOLATION
Dump file: C:\Windows\Minidump\121009-20607-01.dmp
On Thu 12/10/2009 11:39:47 PM your computer crashed
This was likely caused by the following module: tvichw64.sys
Bugcheck code: 0xC4 (0xF6, 0x290, 0xFFFFFA8004AC8B30, 0xFFFFF8800827EB7A)
Error: DRIVER_VERIFIER_DETECTED_VIOLATION
Dump file: C:\Windows\Minidump\121009-21528-01.dmp
On Thu 12/10/2009 11:30:11 PM your computer crashed
This was likely caused by the following module: tvichw64.sys
Bugcheck code: 0xC4 (0xF6, 0x290, 0xFFFFFA8004467060, 0xFFFFF88009ACFB7A)
Error: DRIVER_VERIFIER_DETECTED_VIOLATION
Dump file: C:\Windows\Minidump\121009-23166-01.dmp
On Thu 12/10/2009 7:05:43 PM your computer crashed
This was likely caused by the following module: elrawdsk.sys
Bugcheck code: 0xC4 (0xF6, 0x37C, 0xFFFFFA80045422E0, 0xFFFFF880084E1C12)
Error: DRIVER_VERIFIER_DETECTED_VIOLATION
Dump file: C:\Windows\Minidump\121009-24008-01.dmp
file path: C:\Windows\system32\drivers\elrawdsk.sys
product: RawDisk
company: EldoS Corporation
description: RawDisk Driver. Allows write access to raw disk sectors for user mode applications in Windows 2000, XP, 2003, Vista, 2008.
On Thu 12/10/2009 7:01:14 PM your computer crashed
This was likely caused by the following module: elrawdsk.sys
Bugcheck code: 0xC4 (0xF6, 0x404, 0xFFFFFA8004B97630, 0xFFFFF88007164C12)
Error: DRIVER_VERIFIER_DETECTED_VIOLATION
Dump file: C:\Windows\Minidump\121009-24663-01.dmp
file path: C:\Windows\system32\drivers\elrawdsk.sys
product: RawDisk
company: EldoS Corporation
description: RawDisk Driver. Allows write access to raw disk sectors for user mode applications in Windows 2000, XP, 2003, Vista, 2008.
On Thu 12/10/2009 6:57:45 PM your computer crashed
This was likely caused by the following module: elrawdsk.sys
Bugcheck code: 0xC4 (0xF6, 0x5E4, 0xFFFFFA8004AEF660, 0xFFFFF880081AFC12)
Error: DRIVER_VERIFIER_DETECTED_VIOLATION
Dump file: C:\Windows\Minidump\121009-26910-01.dmp
file path: C:\Windows\system32\drivers\elrawdsk.sys
product: RawDisk
company: EldoS Corporation
description: RawDisk Driver. Allows write access to raw disk sectors for user mode applications in Windows 2000, XP, 2003, Vista, 2008.
On Thu 12/10/2009 6:29:41 PM your computer crashed
This was likely caused by the following module: ntoskrnl.exe
Bugcheck code: 0xC1 (0xFFFFF900C6608630, 0xFFFFF900C66080B2, 0x93A9C8, 0x32)
Error: SPECIAL_POOL_DETECTED_MEMORY_CORRUPTION
Dump file: C:\Windows\Minidump\121009-23134-01.dmp
file path: C:\Windows\system32\ntoskrnl.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NT Kernel & System
The crash took place in a standard Microsoft module. Your system configuration may be incorrect, possibly the culprit may be another driver on your system which cannot be identified at this time.
Conclusion
12 crash dumps have been found and analyzed. Note that it's not always possible to state with certainty whether a reported driver is really responsible for crashing your system or that the root cause is in another module. Nonetheless it's suggested you look for updates for the products that these drivers belong to and regularly visit Windows update or enable automatic updates for Windows. In case a piece of malfunctioning hardware is causing trouble, a search with Google on the bug check errors together with the model name and brand of your computer may help you investigate this further.

IRQL_not_Less_Or_Equal T400

We're getting a very strange problem on any T400 we try something on. Alot of our users have 3G dongles that they use. The dongle in question is an E170 HSPA model.
When we insert the BT dongle to the machine, a piece of software installs itself which is needed for the dongle to work, called BT Access manager. The installation works fine. Now, after installation the software boots up and at the point of connection we get this issue on BSOD.
"A problem has been detected and is shutting down your computer to prevent further damage"
IRQL_Not_Less_Or_Equal
(Further down the page):
Technical Information:
***Stop: 0x000000A (0x00453041, 0x00000016, 0x00000000, 0x804F8A68)'
I have done the following in no particular order.
Defrag on C:
System Restore to three seperate points
Lenovo Restore and Recovery
Complete reinstallation of Windows XP SP3 and completely up to date patches and updates.
Every driver in existence for the BT dongle
Changed drivers for the internal network card. (new and old)
Changed drivers for the wireless adapter (New and old)
I am currently doing an SFC check as a last resort. I have spoken to BT about the issue to see if it's something they're aware of, however this is the first instance they've heard of. I have also logged a call with Lenovo however they're being particularly useless on a number of calls so I've given in on that.
I have installed this on a number of others laptops, namelt HP's and Dells with no errors or issues at all.
Does anyone have any advice at all about this as we're currently upgrading all of our users to these T400's and the majority of them will be using these dongles.
Many thanks in advance
Solved!
Go to Solution.

Lurkios wrote:
I'm assuming you've tried the basics here, but just in case make sure:
1. You're running the latest service pack/essential updates - I am indeed yes.
2. You have the latest driver versions for your 3G dongle and that they are the correct version for the installed OS - I have tried all the Win2k and XP drivers for this dongle yes.
That out of the way, I could use a bit more information.
1. How many T400 systems have you tried this on? - We have seen this problem on 4 machines.
2. Where those systems in a factory-install state when you tried it? - I have the same issue when on factory install state, with Windows XP SP3 w/ updates, and with our own image.
2a. If not, are you able to try the dongle on one in a factory-install state? - Have tried this in configured and unconfigured with the same error.
3. Is it always the same error across the different T400s? - Exactly the same error yes.
3b. If not, please post 2 or 3 so I can see the differences.
4. Does the error message always change when you run SFC? - No, the errors now seem to be sporadic as to which one we get. Either I am now getting the initial IRQL error or I am getting the second STOP error.
Also, if you could provide the memory dumps and error logs for the systems on which this is occuring it would be a great help.
It took me a while as Windows Debugging Tool was being typically troublesome for me.
Microsoft (R) Windows Debugger Version 6.11.0001.404 X86
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Documents and Settings\Administrator\Local Settings\Temp\WERd3ae.dir00\Mini121409-04.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: C:\WINDOWS\Symbols
Executable search path is:
Unable to load image ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
Windows XP Kernel Version 2600 (Service Pack 3) MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Machine Name:
Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055d720
Debug session time: Mon Dec 14 14:07:21.125 2009 (GMT+0)
System Uptime: 0 days 0:28:42.819
Unable to load image ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
Loading Kernel Symbols
Loading User Symbols
Loading unloaded module list
Unable to load image BTWSp50.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for BTWSp50.sys
*** ERROR: Module load completed but symbols could not be loaded for BTWSp50.sys
*                        Bugcheck Analysis                                    *
Use !analyze -v to get detailed debugging information.
BugCheck 1000000A, {4, ff, 1, 80546a1c}
Probably caused by : BTWSp50.sys ( BTWSp50+1dc8 )
Followup: MachineOwner
0: kd> !analyze -v
*                        Bugcheck Analysis                                    *
IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: 00000004, memory referenced
Arg2: 000000ff, IRQL
Arg3: 00000001, bitfield :
   bit 0 : value 0 = read operation, 1 = write operation
   bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: 80546a1c, address which referenced memory
Debugging Details:
WRITE_ADDRESS: 00000004
CURRENT_IRQL: ff
FAULTING_IP:
nt!ExInsertPoolTag+34
80546a1c 894b04          mov     dword ptr [ebx+4],ecx
CUSTOMER_CRASH_COUNT: 4
DEFAULT_BUCKET_ID: COMMON_SYSTEM_FAULT
BUGCHECK_STR: 0xA
PROCESS_NAME: btomosrv.exe
LAST_CONTROL_TRANSFER: from b7739dc8 to 80546a1c
STACK_TEXT:
9e99dbd8 b7739dc8 87668654 8766864c 8905e308 nt!ExInsertPoolTag+0x34
WARNING: Stack unwind information not available. Following frames may be wrong.
9e99dc0c b773ac5f 8905e308 8bac6f68 9e99dc50 BTWSp50+0x1dc8
9e99dc1c 804ef19f 8905e308 8bac6f68 806e6428 BTWSp50+0x2c5f
9e99dc50 8057f982 8bac6fd8 87c3f7d8 8bac6f68 nt!MiFlushSectionInternal+0x256
9e99dc64 805807f7 8905e308 8bac6f68 87c3f7d8 nt!ObQueryNameString+0x5ab
9e99dd00 80579274 00000364 0000038c 00000000 nt!NtSetInformationThread+0x125
9e99dd34 8054162c 00000364 0000038c 00000000 nt!SepOpenTokenOfThread+0x87
9e99dd64 7c90e514 badb0d00 01b9faac 00000000 nt!RtlIpv4StringToAddressExW+0xad
9e99dd78 00000000 00000000 00000000 00000000 0x7c90e514
STACK_COMMAND: kb
FOLLOWUP_IP:
BTWSp50+1dc8
b7739dc8 ??              ???
SYMBOL_STACK_INDEX: 1
SYMBOL_NAME: BTWSp50+1dc8
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: BTWSp50
IMAGE_NAME: BTWSp50.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 413e0f09
FAILURE_BUCKET_ID: 0xA_BTWSp50+1dc8
BUCKET_ID: 0xA_BTWSp50+1dc8
Followup: MachineOwner
I hope this helps.

Windows Server 2008 Enterprise SP2 64bit BugCheck 3B Probably caused by : win32k.sys process name: chrome.exe

indows Server 2008/Windows Vista Kernel Version 6002 (Service Pack 2) MP (12 procs) Free x64
Product: Server, suite: Enterprise TerminalServer SingleUserTS
Built by: 6002.18327.amd64fre.vistasp2_gdr.101014-0432
Machine Name:
Kernel base = 0xfffff800`01847000 PsLoadedModuleList = 0xfffff800`01a0bdd0
Debug session time: Mon Nov 3 05:27:34.976 2014 (UTC - 5:00)
System Uptime: 81 days 16:48:21.023
* Bugcheck Analysis *
SYSTEM_SERVICE_EXCEPTION (3b)
An exception happened while executing a system service routine.
Arguments:
Arg1: 00000000c0000005, Exception code that caused the bugcheck
Arg2: fffff9600007f200, Address of the instruction which caused the bugcheck
Arg3: fffffa60155fff70, Address of the context record for the exception that caused the bugcheck
Arg4: 0000000000000000, zero.
Debugging Details:
TRIAGER: Could not open triage file : e:\dump_analysis\program\triage\modclass.ini, error 2
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".
FAULTING_IP:
win32k!PFEOBJ::vFreepfdg+e8
fffff960`0007f200 0fba60300f bt dword ptr [rax+30h],0Fh
CONTEXT: fffffa60155fff70 -- (.cxr 0xfffffa60155fff70)
rax=000000000002f6bc rbx=0000000000000000 rcx=fffff900c1fad250
rdx=fffffa82bc20a330 rsi=fffff900c327a940 rdi=fffffa6015600820
rip=fffff9600007f200 rsp=fffffa60156007d0 rbp=0000000000000000
r8=0000000000000000 r9=000000000003fb36 r10=0000000000000000
r11=fffffa82aa1d6bb0 r12=0000000000000000 r13=0000000000000000
r14=000000000000491f r15=0000000000000001
iopl=0 nv up ei pl nz na pe cy
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010203
win32k!PFEOBJ::vFreepfdg+0xe8:
fffff960`0007f200 0fba60300f bt dword ptr [rax+30h],0Fh ds:002b:00000000`0002f6ec=????????
Resetting default scope
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT_SERVER
BUGCHECK_STR: 0x3B
PROCESS_NAME: chrome.exe
CURRENT_IRQL: 0
LAST_CONTROL_TRANSFER: from fffff96000244030 to fffff9600007f200
STACK_TEXT:
fffffa60`156007d0 fffff960`00244030 : 00000000`00000000 fffffa82`bc20a300 00000000`00000001 00000000`0000491f : win32k!PFEOBJ::vFreepfdg+0xe8
fffffa60`15600800 fffff960`0024e647 : 00000000`00000000 fffff900`c0092000 fffff900`c0010000 00000000`00000000 : win32k!RFONTOBJ::vDeleteRFONT+0x210
fffffa60`15600860 fffff960`0024e2ba : 00000000`00000000 fffff900`c1eb4010 fffff900`c1eb4010 fffff900`c2c773a0 : win32k!vRestartKillRFONTList+0xab
fffffa60`156008b0 fffff960`000f9bc2 : fffff900`c08ac998 fffff900`c2685350 00000000`00000000 fffff900`00000001 : win32k!PFTOBJ::bUnloadWorkhorse+0x196
fffffa60`15600930 fffff960`000fa7a1 : fffff900`c08ac910 00000000`00000000 00000000`00000001 00000000`00000001 : win32k!vCleanupPrivateFonts+0x72
fffffa60`15600970 fffff960`000eebc4 : 00000000`00000000 00000000`00000000 fffff900`c2621180 00000000`ffffffff : win32k!NtGdiCloseProcess+0x479
fffffa60`156009d0 fffff960`000ee42b : 00000000`00000000 fffff900`c2621180 00000000`00000000 00000000`00000000 : win32k!GdiProcessCallout+0x1f4
fffffa60`15600a50 fffff800`01afa77c : 00000000`00000000 00000000`00000000 00000000`00000000 fffffa82`aa1d6bb0 : win32k!W32pProcessCallout+0x6f
fffffa60`15600a80 fffff800`01afcc7d : 00000000`00000000 fffffa82`aa1d6b01 00000000`00000000 00000000`00000000 : nt!PspExitThread+0x41c
fffffa60`15600b70 fffff800`01aed942 : 00000000`00000000 00000000`0000000c 00000000`fffdd000 fffff880`0000000c : nt!PspTerminateThreadByPointer+0x4d
fffffa60`15600bc0 fffff800`018a0f33 : fffffa82`ab4eac10 fffffa82`aa1d6bb0 fffffa60`15600ca0 00000000`fffdd000 : nt!NtTerminateProcess+0xfa
fffffa60`15600c20 00000000`779d6e5a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`0007ded8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x779d6e5a
FOLLOWUP_IP:
win32k!PFEOBJ::vFreepfdg+e8
fffff960`0007f200 0fba60300f bt dword ptr [rax+30h],0Fh
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: win32k!PFEOBJ::vFreepfdg+e8
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: win32k
IMAGE_NAME: win32k.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 4de794fc
STACK_COMMAND: .cxr 0xfffffa60155fff70 ; kb
FAILURE_BUCKET_ID: X64_0x3B_win32k!PFEOBJ::vFreepfdg+e8
BUCKET_ID: X64_0x3B_win32k!PFEOBJ::vFreepfdg+e8
Followup: MachineOwner

Hi,
Would you please let me know whether had done any change before this issue occurred? For examples, install
any third-party application (chrome.exe) or any other? Meanwhile, would you please let me confirm whether this issue occurred regularly?
For Bug Check 0x3B, it indicates that an exception happened while executing a routine that transitions from
non-privileged code to privileged code. For more details, please refer to following article and check if can help you.
Bug Check 0x3B: SYSTEM_SERVICE_EXCEPTION
Please update drivers and install all necessary Windows Updates, then monitor the result. If this issue still
exists, please perform a
clean boot. Any difference?
By the way, it may be not effective for us to debug the crash dump file here in the forum. If this issues is a state of emergency for you. Please contact Microsoft Customer
Service and Support (CSS) via telephone so that a dedicated Support Professional can assist with your request.
To obtain the phone numbers for specific technology request, please refer to the web site listed below:
http://support.microsoft.com/default.aspx?scid=fh;EN-US;OfferProPhone#faq607
Hope this helps.
Best regards,
Justin Gu

Windows Server 2008 Enterprise SP2 64bit BugCheck 3B Probably caused by : win32k.sys ( win32k!PFFOBJ::pPvtDataMatch+12 )

Hi Guys,
Has anyone come across this BSOD error and found a fix, as I'm at a lost as to what is causing the BSOD
Please see Windows Debugger output below:-
Microsoft (R) Windows Debugger Version 6.2.9200.16384 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Transfer\Minidumps\Mini051414-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: srv*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows Server 2008/Windows Vista Kernel Version 6002 (Service Pack 2) MP (8 procs) Free x64
Product: Server, suite: Enterprise TerminalServer
Built by: 6002.23154.amd64fre.vistasp2_ldr.130707-1535
Machine Name:
Kernel base = 0xfffff800`01c18000 PsLoadedModuleList = 0xfffff800`01dd7e30
Debug session time: Wed May 14 12:01:16.178 2014 (UTC + 1:00)
System Uptime: 3 days 7:15:01.532
Loading Kernel Symbols
Loading User Symbols
Loading unloaded module list
*                        Bugcheck Analysis
Use !analyze -v to get detailed debugging information.
BugCheck 3B, {c0000005, fffff9600030271e, fffffa603d967ec0, 0}
Probably caused by : win32k.sys ( win32k!PFFOBJ::pPvtDataMatch+12 )
Followup: MachineOwner
7: kd> !analyze -v
*                        Bugcheck Analysis
SYSTEM_SERVICE_EXCEPTION (3b)
An exception happened while executing a system service routine.
Arguments:
Arg1: 00000000c0000005, Exception code that caused the bugcheck
Arg2: fffff9600030271e, Address of the instruction which caused the bugcheck
Arg3: fffffa603d967ec0, Address of the context record for the exception that caused the bugcheck
Arg4: 0000000000000000, zero.
Debugging Details:
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
FAULTING_IP:
win32k!PFFOBJ::pPvtDataMatch+12
fffff960`0030271e f6430804        test    byte ptr [rbx+8],4
CONTEXT: fffffa603d967ec0 -- (.cxr 0xfffffa603d967ec0)
rax=fffff900c277dd10 rbx=6364735523080013 rcx=fffffa603d968790
rdx=fffff900c2cc92a0 rsi=fffff900c2ade350 rdi=fffffa80369f6680
rip=fffff9600030271e rsp=fffffa603d968720 rbp=0000000000000000
r8=0000000000000000 r9=fffffa80369f6680 r10=fffffa803b6cdc48
r11=fffffa603d9687c8 r12=fffffa603d968810 r13=0000000000000000
r14=000000000000301f r15=0000000000000001
iopl=0         nv up ei pl nz na pe nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b             efl=00010202
win32k!PFFOBJ::pPvtDataMatch+0x12:
fffff960`0030271e f6430804        test    byte ptr [rbx+8],4 ds:002b:63647355`2308001b=??
Resetting default scope
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT_SERVER
BUGCHECK_STR: 0x3B
PROCESS_NAME: chrome.exe
CURRENT_IRQL: 0
LAST_CONTROL_TRANSFER: from fffff960003009b1 to fffff9600030271e
STACK_TEXT:
fffffa60`3d968720 fffff960`003009b1 : 00000000`0000301f 00000000`00004fbc 00000000`00000000 fffffa80`3b6cdbb0 : win32k!PFFOBJ::pPvtDataMatch+0x12
fffffa60`3d968750 fffff960`001aacb6 : fffff900`c2ade350 fffff900`c3fa59e0 00000000`00000000 fffffa80`369f6680 : win32k!PFTOBJ::bUnloadWorkhorse+0x55
fffffa60`3d9687d0 fffff960`001ab8d8 : fffff900`c2ade2d0 00000000`00000000 00000000`00000001 00000000`00000001 : win32k!vCleanupPrivateFonts+0x72
fffffa60`3d968810 fffff960`0019fbc0 : 00000000`00000000 fffff800`01ebfe00 fffff900`c277dd10 fffffa80`38d5b800 : win32k!NtGdiCloseProcess+0x4a8
fffffa60`3d968870 fffff960`0019f423 : 00000000`00000000 fffff900`c277dd10 00000000`00000000 fffff800`01ebfe48 : win32k!GdiProcessCallout+0x1f4
fffffa60`3d9688f0 fffff800`01ecc924 : 00000000`00000000 00000000`00000000 fffff800`01db6ec0 00000000`00000000 : win32k!W32pProcessCallout+0x6f
fffffa60`3d968920 fffff800`01ebfe65 : fffffa60`00000000 fffff800`01c89701 fffffa80`57c73810 00000000`78457350 : nt!PspExitThread+0x41c
fffffa60`3d968a10 fffff800`01c89881 : fffffa60`3d968ad8 00000000`00000000 fffffa80`382fe430 00000000`00000000 : nt!PsExitSpecialApc+0x1d
fffffa60`3d968a40 fffff800`01c8d935 : fffffa60`3d968ca0 fffffa60`3d968ae0 fffff800`01ebfe74 00000000`00000001 : nt!KiDeliverApc+0x441
fffffa60`3d968ae0 fffff800`01c6721d : fffffa80`3b6cdbb0 00000000`0038f2f4 fffffa60`3d968bf8 fffffa80`597301e0 : nt!KiInitiateUserApc+0x75
fffffa60`3d968c20 00000000`74c93d09 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceExit+0xa2
00000000`000eebd8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x74c93d09
FOLLOWUP_IP:
win32k!PFFOBJ::pPvtDataMatch+12
fffff960`0030271e f6430804        test    byte ptr [rbx+8],4
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: win32k!PFFOBJ::pPvtDataMatch+12
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: win32k
IMAGE_NAME: win32k.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 52f4cf4d
STACK_COMMAND: .cxr 0xfffffa603d967ec0 ; kb
FAILURE_BUCKET_ID: X64_0x3B_win32k!PFFOBJ::pPvtDataMatch+12
BUCKET_ID: X64_0x3B_win32k!PFFOBJ::pPvtDataMatch+12
Followup: MachineOwner
7: kd> lmvm win32k
start             end                 module name
fffff960`000e0000 fffff960`0039a000   win32k     (pdb symbols)          c:\symbols\win32k.pdb\E3E9D4C3813E470A90F52FAEC6461A252\win32k.pdb
    Loaded symbol image file: win32k.sys
    Mapped memory image file: c:\symbols\win32k.sys\52F4CF4D2ba000\win32k.sys
    Image path: win32k.sys
    Image name: win32k.sys
    Timestamp:        Fri Feb 07 12:19:25 2014 (52F4CF4D)
    CheckSum:         002AD344
    ImageSize:        002BA000
    File version:     6.0.6002.23325
    Product version: 6.0.6002.23325
    File flags:       0 (Mask 3F)
    File OS:          40004 NT Win32
    File type:        3.7 Driver
    File date:        00000000.00000000
    Translations:     0409.04b0
    CompanyName:      Microsoft Corporation
    ProductName:      Microsoft® Windows® Operating System
    InternalName:     win32k.sys
    OriginalFilename: win32k.sys
    ProductVersion:   6.0.6002.23325
    FileVersion:      6.0.6002.23325 (vistasp2_ldr.140207-0038)
    FileDescription: Multi-User Win32 Driver
    LegalCopyright:   © Microsoft Corporation. All rights reserved.
7: kd> .cxr 0xfffffa603d967ec0
rax=fffff900c277dd10 rbx=6364735523080013 rcx=fffffa603d968790
rdx=fffff900c2cc92a0 rsi=fffff900c2ade350 rdi=fffffa80369f6680
rip=fffff9600030271e rsp=fffffa603d968720 rbp=0000000000000000
r8=0000000000000000 r9=fffffa80369f6680 r10=fffffa803b6cdc48
r11=fffffa603d9687c8 r12=fffffa603d968810 r13=0000000000000000
r14=000000000000301f r15=0000000000000001
iopl=0         nv up ei pl nz na pe nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b             efl=00010202
win32k!PFFOBJ::pPvtDataMatch+0x12:
fffff960`0030271e f6430804        test    byte ptr [rbx+8],4 ds:002b:63647355`2308001b=??
Thanks
JT

Getting BSOD's pointing to this dll also. Started at around the same date as Jitinder's post. Maybe a new issue introduced has been introduced?
7: kd> !analyze -v
* Bugcheck Analysis *
SYSTEM_SERVICE_EXCEPTION (3b)
An exception happened while executing a system service routine.
Arguments:
Arg1: 00000000c0000005, Exception code that caused the bugcheck
Arg2: fffff9600011fda0, Address of the instruction which caused the bugcheck
Arg3: fffffa6027acd1d0, Address of the context record for the exception that caused the bugcheck
Arg4: 0000000000000000, zero.
Debugging Details:
"kernel32.dll" was not found in the image list.
Debugger will attempt to load "kernel32.dll" at given base 00000000`00000000.
Please provide the full image name, including the extension (i.e. kernel32.dll)
for more reliable results.Base address and size overrides can be given as
.reload <image.ext>=<base>,<size>.
Unable to add module at 00000000`00000000
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
FAULTING_IP:
win32k!PFEOBJ::vFreepfdg+e8
fffff960`0011fda0 0fba60300f bt dword ptr [rax+30h],0Fh
CONTEXT: fffffa6027acd1d0 -- (.cxr 0xfffffa6027acd1d0)
rax=00000000014c0000 rbx=0000000000000000 rcx=fffff900c009c2a0
rdx=fffffa802735ab80 rsi=fffff900c0b9b010 rdi=fffffa6027acda80
rip=fffff9600011fda0 rsp=fffffa6027acda30 rbp=0000000000000000
r8=0000000000000000 r9=0000000000000000 r10=fffffa802800a288
r11=fffffa802800a060 r12=0000000000000000 r13=0000000000000000
r14=000000001539ed50 r15=0000000000000001
iopl=0 nv up ei pl nz na po cy
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010207
win32k!PFEOBJ::vFreepfdg+0xe8:
fffff960`0011fda0 0fba60300f bt dword ptr [rax+30h],0Fh ds:002b:00000000`014c0030=????????
Resetting default scope
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0x3B
PROCESS_NAME: iexplore.exe
CURRENT_IRQL: 0
LAST_CONTROL_TRANSFER: from fffff960002e66d4 to fffff9600011fda0
STACK_TEXT:
fffffa60`27acda30 fffff960`002e66d4 : 00000000`00000000 fffffa80`2735ab50 00000000`00000001 00000000`746e6647 : win32k!PFEOBJ::vFreepfdg+0xe8
fffffa60`27acda60 fffff960`002f0cb7 : 00000000`00000000 fffff900`c008f000 fffff900`c0010000 00000000`00000000 : win32k!RFONTOBJ::vDeleteRFONT+0x210
fffffa60`27acdac0 fffff960`002f0926 : 00000000`00000000 fffff900`c2bfcca0 fffff900`c0ae4010 00000000`00000000 : win32k!vRestartKillRFONTList+0xab
fffffa60`27acdb10 fffff960`00275c79 : 00000000`00000000 00000000`00000001 fffffa80`235762b0 fffff900`00000002 : win32k!PFTOBJ::bUnloadWorkhorse+0x196
fffffa60`27acdb90 fffff960`002978e2 : fffffa80`2800a060 fffff900`c0b932a0 fffffa60`27acdca0 00000000`7457c444 : win32k!GreRemoveFontMemResourceEx+0xad
fffffa60`27acdbf0 fffff800`01a64173 : fffffa80`2800a060 fffffa60`27acdca0 00000000`7ee9f000 fffffa80`25803040 : win32k!NtGdiRemoveFontMemResourceEx+0x12
fffffa60`27acdc20 00000000`74513d09 : 00000000`74513cc5 00000023`77300682 00000000`00000023 00000000`00000202 : nt!KiSystemServiceCopyEnd+0x13
00000000`1539ed48 00000000`74513cc5 : 00000023`77300682 00000000`00000023 00000000`00000202 00000000`1767d5e0 : wow64cpu!CpupSyscallStub+0x9
00000000`1539ed50 00000000`7457ab36 : 00000000`77120000 00000000`1539fd20 00000000`60c8f022 00000000`1539f450 : wow64cpu!Thunk0Arg+0x5
00000000`1539edc0 00000000`7457a13a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : wow64!RunCpuSimulation+0xa
00000000`1539edf0 00000000`771847c8 : 00000000`00000000 00000000`00000000 00000000`7efdf000 00000000`00000000 : wow64!Wow64LdrpInitialize+0x4b6
00000000`1539f350 00000000`771461be : 00000000`1539f450 00000000`00000000 00000000`7efdf000 00000000`00000000 : ntdll! ?? ::FNODOBFM::`string'+0x1fba1
00000000`1539f400 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!LdrInitializeThunk+0xe
FOLLOWUP_IP:
win32k!PFEOBJ::vFreepfdg+e8
fffff960`0011fda0 0fba60300f bt dword ptr [rax+30h],0Fh
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: win32k!PFEOBJ::vFreepfdg+e8
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: win32k
IMAGE_NAME: win32k.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 5202fc4d
STACK_COMMAND: .cxr 0xfffffa6027acd1d0 ; kb
FAILURE_BUCKET_ID: X64_0x3B_win32k!PFEOBJ::vFreepfdg+e8
BUCKET_ID: X64_0x3B_win32k!PFEOBJ::vFreepfdg+e8
Followup: MachineOwner
7: kd> lmv m win32k
start end module name
fffff960`000d0000 fffff960`00389000 win32k (pdb symbols) c:\symcache\win32k.pdb\54B8C53009264F08A9D8CF1B4B56BCDC2\win32k.pdb
Loaded symbol image file: win32k.sys
Image path: \SystemRoot\System32\win32k.sys
Image name: win32k.sys
Timestamp: Thu Aug 08 04:02:53 2013 (5202FC4D)
CheckSum: 002B126B
ImageSize: 002B9000
File version: 6.0.6002.18912
Product version: 6.0.6002.18912
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 3.7 Driver
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: win32k.sys
OriginalFilename: win32k.sys
ProductVersion: 6.0.6002.18912
FileVersion: 6.0.6002.18912 (vistasp2_gdr.130807-1537)
FileDescription: Multi-User Win32 Driver
LegalCopyright: © Microsoft Corporation. All rights reserved.
7: kd> .cxr 0xfffffa6027acd1d0
rax=00000000014c0000 rbx=0000000000000000 rcx=fffff900c009c2a0
rdx=fffffa802735ab80 rsi=fffff900c0b9b010 rdi=fffffa6027acda80
rip=fffff9600011fda0 rsp=fffffa6027acda30 rbp=0000000000000000
r8=0000000000000000 r9=0000000000000000 r10=fffffa802800a288
r11=fffffa802800a060 r12=0000000000000000 r13=0000000000000000
r14=000000001539ed50 r15=0000000000000001
iopl=0 nv up ei pl nz na po cy
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010207
win32k!PFEOBJ::vFreepfdg+0xe8:
fffff960`0011fda0 0fba60300f bt dword ptr [rax+30h],0Fh ds:002b:00000000`014c0030=????????

Windows Server 2008 R2 SP1 - BSOD Stop Error 0x00000050 RDPWD.SYS

Hi all,
I have been struggling with a BSOD for the past 5 weeks and have scoured the web trying in vain to find someone else with the same issue.
Environment:
8 x 2008 R2 SP1 Windows Servers (8Gb RAM, 25Gb HDD) with Remote Desktop Services Roles installed, running as part of an RDS Farm. All Servers are VM Guests (hardware version 7) running on VMware vSphere v4.1.0-260247 Hosts (Dell
PowerEdge R710 - 128Gb RAM). Our vSphere 'farm' has 5 Hosts that connect to our EMC SAN via iSCSI with multipath routes.
Each RDS Server is load balanced via a Connection Broker, and each server has the same set of software / vm hardware installed. In a nutshell, each has Symantec Endpoint Protection v11.0.5002.333, Symantec Altiris v7.0, Microsoft Office 2007 as well as
other various software essential to these servers.
Symptoms:
Randomly throughout the day, one (or more) of the RDS Servers will crash with a BSOD more often than not with "caused by driver ntoskrnl.exe" sometimes with "cng.sys" and once with "ksecpkg.sys". So far in the 5 weeks I have had 90 crashes. Yesterday
all 8 of the RDS Servers crashed at some point throughout the day.
On a typical BSOD, it says:
The problem seems to be caused by the following file: ntoskrnl.exe
PAGE_FAULT_IN_NONPAGED_AREA
Technical Information:
*** STOP: 0x00000050 (0xfffffa800c153284, 0x0000000000000001, 0xfffff880053dc0c9, 0x0000000000000000)
*** ntoskrnl.exe - Address 0xfffff8000169ac40 base at 0xfffff8000161e000 DateStamp 0x4e02aaa3
Using BlueScreenView it says "caused by address: ntoskrnl.exe+7cc40" nearly every time.
I have analysed as best I could using Microsoft WinDbg, and this is the output of a typical mini-dump file:
Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [\\hqrds01\c$\Windows\Minidump\030112-19359-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*C:\Program Files\Debugging Tools for Windows (x64)\Symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (2 procs) Free x64
Product: Server, suite: TerminalServer
Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506
Machine Name:
Kernel base = 0xfffff800`01609000 PsLoadedModuleList = 0xfffff800`0184e670
Debug session time: Thu Mar 1 09:14:00.921 2012 (UTC + 0:00)
System Uptime: 0 days 21:31:41.950
Loading Kernel Symbols
Loading User Symbols
Loading unloaded module list
*                        Bugcheck Analysis
Use !analyze -v to get detailed debugging information.
BugCheck 50, {fffffa800be83284, 1, fffff8800576f0c9, 0}
Could not read faulting driver name
Probably caused by : RDPWD.SYS ( RDPWD!memcpy+1d9 )
Followup: MachineOwner
1: kd> !analyze -v
*                        Bugcheck Analysis
PAGE_FAULT_IN_NONPAGED_AREA (50)
Invalid system memory was referenced. This cannot be protected by try-except,
it must be protected by a Probe. Typically the address is just plain bad or it
is pointing at freed memory.
Arguments:
Arg1: fffffa800be83284, memory referenced.
Arg2: 0000000000000001, value 0 = read operation, 1 = write operation.
Arg3: fffff8800576f0c9, If non-zero, the instruction address which referenced the bad memory
address.
Arg4: 0000000000000000, (reserved)
Debugging Details:
Could not read faulting driver name
WRITE_ADDRESS: GetPointerFromAddress: unable to read from fffff800018b8100
fffffa800be83284
FAULTING_IP:
RDPWD!memcpy+1d9
fffff880`0576f0c9 668901          mov     word ptr [rcx],ax
MM_INTERNAL_CODE: 0
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VERIFIER_ENABLED_VISTA_MINIDUMP
BUGCHECK_STR: 0x50
PROCESS_NAME: svchost.exe
CURRENT_IRQL: 0
TRAP_FRAME: fffff8800bf70a80 -- (.trap 0xfffff8800bf70a80)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=000000000000023d rbx=0000000000000000 rcx=fffffa800be83284
rdx=ffffffffffe7e63b rsi=0000000000000000 rdi=0000000000000000
rip=fffff8800576f0c9 rsp=fffff8800bf70c18 rbp=0000000000000001
r8=000000000000001c r9=fffff8a0033401e8 r10=fffff8a0033401e8
r11=fffffa800be83268 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0         nv up ei pl nz na pe nc
RDPWD!memcpy+0x1d9:
fffff880`0576f0c9 668901          mov     word ptr [rcx],ax ds:0c40:fffffa80`0be83284=????
Resetting default scope
LAST_CONTROL_TRANSFER: from fffff800016319fc to fffff80001685c40
STACK_TEXT:
fffff880`0bf70918 fffff800`016319fc : 00000000`00000050 fffffa80`0be83284 00000000`00000001 fffff880`0bf70a80 : nt!KeBugCheckEx
fffff880`0bf70920 fffff800`01683d6e : 00000000`00000001 fffffa80`0be83284 00000000`00000000 fffff8a0`0be85820 : nt! ?? ::FNODOBFM::`string'+0x4611f
fffff880`0bf70a80 fffff880`0576f0c9 : fffff880`057547cf 00000000`00000000 00000000`00000022 00000000`00000002 : nt!KiPageFault+0x16e
fffff880`0bf70c18 fffff880`057547cf : 00000000`00000000 00000000`00000022 00000000`00000002 fffff880`0576c99d : RDPWD!memcpy+0x1d9
fffff880`0bf70c20 fffff880`0576c9fc : fffff8a0`0f938010 00000000`00000022 00000000`00000019 00000000`00000002 : RDPWD!SM_MCSSendDataCallback+0x303
fffff880`0bf70c60 fffff880`0576b354 : fffff880`0bf70da0 fffff8a0`033401e8 00000000`00000000 fffff880`0576abfd : RDPWD!HandleAllSendDataPDUs+0x188
fffff880`0bf70d10 fffff880`0576af64 : 00000000`00000031 fffffa80`0bd01895 00000006`0000001f fffff880`05739079 : RDPWD!RecognizeMCSFrame+0x28
fffff880`0bf70d50 fffff880`029ba1f8 : fffff8a0`03345000 fffffa80`0bae6e80 fffffa80`0a5c0e60 fffff880`05737e00 : RDPWD!MCSIcaRawInputWorker+0x3d4
fffff880`0bf70df0 fffff880`057378d0 : 00000000`00000000 fffff880`0bf70f10 fffff880`0bf70f08 00000000`00000000 : termdd!IcaRawInput+0x50
fffff880`0bf70e20 fffff880`05736d85 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : tssecsrv!CRawInputDM::PassDataToServer+0x2c
fffff880`0bf70e50 fffff880`057367c2 : fffffa80`088e8a28 fffffa80`00000000 00000000`00000031 fffff800`00000000 : tssecsrv!CFilter::FilterIncomingData+0xc9
fffff880`0bf70ef0 fffff880`029ba1f8 : fffff880`009b8180 00000000`00000001 00000000`00000000 00000000`00000000 : tssecsrv!ScrRawInput+0x82
fffff880`0bf70f60 fffff880`0572c4c5 : fffffa80`088e8a10 fffffa80`0bd01658 00000000`00000000 fffffa80`088e8a10 : termdd!IcaRawInput+0x50
fffff880`0bf70f90 fffff880`029baf3e : fffffa80`0bd01620 fffffa80`0c100420 fffffa80`0bd4b450 fffffa80`0973b9b0 : tdtcp!TdInputThread+0x465
fffff880`0bf71810 fffff880`029b9ae3 : fffffa80`09d902b0 fffffa80`0973b9b0 fffffa80`093d8520 fffffa80`0bd4b450 : termdd!IcaDriverThread+0x5a
fffff880`0bf71840 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : termdd!IcaDeviceControlStack+0x827
STACK_COMMAND: kb
FOLLOWUP_IP:
RDPWD!memcpy+1d9
fffff880`0576f0c9 668901          mov     word ptr [rcx],ax
SYMBOL_STACK_INDEX: 3
SYMBOL_NAME: RDPWD!memcpy+1d9
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: RDPWD
IMAGE_NAME: RDPWD.SYS
DEBUG_FLR_IMAGE_TIMESTAMP: 4ce7ab45
FAILURE_BUCKET_ID: X64_0x50_VRF_RDPWD!memcpy+1d9
BUCKET_ID: X64_0x50_VRF_RDPWD!memcpy+1d9
Followup: MachineOwner
The RDS servers are set to reboot automatically, and after a period of 5 minutes or so, the users can reconnect and log back in. On a typical day each server will have around 10 people RDP'd in to them.
The Users connecting to the RDS Servers included XP laptops/desktops and IGEL UD-120-LX Thin Terminals. The XPs have SP3 installed and are fully patched via Symantec Altiris.
Things I have tried:
- Analyse the dump-files (as per above).
- I have tracked each user logging on to the RDS Farm (via batch scripts) and tried to determine if this is caused by the same individual(s) but it appears random.
- Check to see if the crashing Virtual Machine is running on a specific host, but it has happened on all Hosts.
- Check to see if there was anything specific that happened on the day that the crashes started. There were about 5 new poeple introduced to the RDS Farm at that time, but there were using (a) client machines that had been used previously elsewhere with
no issues, (b) software that had been used previously, (c) in a remote location that had previous users using RDS, (d) have not been logged on to a RDS Server when it has crashed.
- Updated Windows Server 2008 R2 SP1 to the latest patches (as of Feb 2012).
- Turned on Verifier (using recommended settings), and then analysed dump-files with the same reference to rdpwd.sys.
- Fixed the Memory Resource Reservation in vSphere to the full 8Gb for all these RDS Servers (so that the memory is not shared at all).
- Ran MEMTEST on a VM Guest with the full 8Gb RAM, on a couple of the ESX Hosts.
- Changed the VMTools Video Driver to the SVGA II driver from the Standard VGA Driver.
- Ran a full AV Scan (using SEP).
- Isolated the Printer Drivers using the Printer Management MMC.
- Ran sfc /scannow of all RDS Servers and rebooted.
The mini-dump file mentioned above is here:https://skydrive.live.com/redir.aspx?cid=48f471f287af2349&resid=48F471F287AF2349!105&parid=48F471F287AF2349!103
I hope someone can help, as what hair I have left (from pulling it out) is turning grey!
Andy

*                        Bugcheck Analysis
PAGE_FAULT_IN_NONPAGED_AREA (50)
Invalid system memory was referenced. This cannot be protected by try-except,
it must be protected by a Probe. Typically the address is just plain bad or it
is pointing at freed memory.
Arguments:
Arg1: fffffa800c153284, memory referenced.
Arg2: 0000000000000001, value 0 = read operation, 1 = write operation.
Arg3: fffff880053dc0c9, If non-zero, the instruction address which referenced the bad memory
   address.
Arg4: 0000000000000000, (reserved)
Debugging Details:
Could not read faulting driver name
WRITE_ADDRESS: GetPointerFromAddress: unable to read from fffff800018cd100
fffffa800c153284
FAULTING_IP:
RDPWD!memcpy+1d9
fffff880`053dc0c9 668901          mov     word ptr [rcx],ax
MM_INTERNAL_CODE: 0
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VERIFIER_ENABLED_VISTA_MINIDUMP
BUGCHECK_STR: 0x50
PROCESS_NAME: svchost.exe
CURRENT_IRQL: 0
TRAP_FRAME: fffff8800aa48a80 -- (.trap 0xfffff8800aa48a80)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=00000000000001ff rbx=0000000000000000 rcx=fffffa800c153284
rdx=ffffffffffee6b8b rsi=0000000000000000 rdi=0000000000000000
rip=fffff880053dc0c9 rsp=fffff8800aa48c18 rbp=0000000000000001
r8=000000000000001c r9=fffff8a0123923a8 r10=fffff8a0123923a8
r11=fffffa800c153268 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0         nv up ei pl nz na pe nc
RDPWD!memcpy+0x1d9:
fffff880`053dc0c9 668901          mov     word ptr [rcx],ax ds:8c40:fffffa80`0c153284=????
Resetting default scope
LAST_CONTROL_TRANSFER: from fffff800016469fc to fffff8000169ac40
STACK_TEXT:
fffff880`0aa48918 fffff800`016469fc : 00000000`00000050 fffffa80`0c153284 00000000`00000001 fffff880`0aa48a80 : nt!KeBugCheckEx
fffff880`0aa48920 fffff800`01698d6e : 00000000`00000001 fffffa80`0c153284 00000000`00000000 fffff8a0`10919830 : nt! ?? ::FNODOBFM::`string'+0x4611f
fffff880`0aa48a80 fffff880`053dc0c9 : fffff880`053c17cf 00000000`00000000 00000000`00000022 00000000`00000002 : nt!KiPageFault+0x16e
fffff880`0aa48c18 fffff880`053c17cf : 00000000`00000000 00000000`00000022 00000000`00000002 fffff880`053d999d : RDPWD!memcpy+0x1d9
fffff880`0aa48c20 fffff880`053d99fc : fffff8a0`10cf30d0 00000000`00000022 00000000`00000019 00000000`00000002 : RDPWD!SM_MCSSendDataCallback+0x303
fffff880`0aa48c60 fffff880`053d8354 : fffff880`0aa48da0 fffff8a0`123923a8 00000000`00000000 fffff880`053d7bfd : RDPWD!HandleAllSendDataPDUs+0x188
fffff880`0aa48d10 fffff880`053d7f64 : 00000000`00000031 fffffa80`0c039de5 00000006`0000001f fffff880`053a6079 : RDPWD!RecognizeMCSFrame+0x28
fffff880`0aa48d50 fffff880`012c01f8 : fffff8a0`12393000 fffffa80`0bb7aa60 fffffa80`0b81e9c0 fffff880`053a4e00 : RDPWD!MCSIcaRawInputWorker+0x3d4
fffff880`0aa48df0 fffff880`053a48d0 : 00000000`00000000 fffff880`0aa48f10 fffff880`0aa48f08 fffffa80`0c039ba8 : termdd!IcaRawInput+0x50
fffff880`0aa48e20 fffff880`053a3d85 : fffff880`01716890 fffffa80`0c0327e8 00000000`00000000 00000000`00000000 : tssecsrv!CRawInputDM::PassDataToServer+0x2c
fffff880`0aa48e50 fffff880`053a37c2 : fffffa80`0c16e598 fffffa80`00000000 00000000`00000031 fffff800`00000000 : tssecsrv!CFilter::FilterIncomingData+0xc9
fffff880`0aa48ef0 fffff880`012c01f8 : fffff880`009b8180 00000000`00000001 00000000`00000000 00000000`00000000 : tssecsrv!ScrRawInput+0x82
fffff880`0aa48f60 fffff880`052994c5 : fffffa80`0c16e580 fffffa80`0c039ba8 00000000`00000000 fffffa80`0c16e580 : termdd!IcaRawInput+0x50
fffff880`0aa48f90 fffff880`012c0f3e : fffffa80`0c039b70 fffffa80`0acccf20 fffffa80`0a95c450 fffffa80`0abf9620 : tdtcp!TdInputThread+0x465
fffff880`0aa49810 fffff880`012bfae3 : fffffa80`0c0a6560 fffffa80`0abf9620 fffffa80`087eee80 fffffa80`0a95c450 : termdd!IcaDriverThread+0x5a
fffff880`0aa49840 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : termdd!IcaDeviceControlStack+0x827
STACK_COMMAND: kb
FOLLOWUP_IP:
RDPWD!memcpy+1d9
fffff880`053dc0c9 668901          mov     word ptr [rcx],ax
SYMBOL_STACK_INDEX: 3
SYMBOL_NAME: RDPWD!memcpy+1d9
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: RDPWD
IMAGE_NAME: RDPWD.SYS
DEBUG_FLR_IMAGE_TIMESTAMP: 4ce7ab45
FAILURE_BUCKET_ID: X64_0x50_VRF_RDPWD!memcpy+1d9
BUCKET_ID: X64_0x50_VRF_RDPWD!memcpy+1d9
Followup: MachineOwner
Bug Check Code 0x50:http://msdn.microsoft.com/en-us/library/windows/hardware/ff559023%28v=vs.85%29.aspx
Please start by that:
Update all possible drivers
Uninstall all unused programs
Disable all security softwares you have
Run chkdsk /r /f and sfc /scannow
Run memtest86+ to check if all is okay with your RAM. If an error was detected then replace the faulty RAM or contact your manufacturer Technical Support
If this does not help then upload MEMORY.DMP file (You can zip it and divide it using 7-ZIP) using Microsoft Skydrive and post a link here.
You can also contact Microsoft CSS for assistance.
This
posting is provided "AS IS" with no warranties or guarantees , and confers no rights.
Microsoft
Student Partner 2010 / 2011
Microsoft
Certified Professional
Microsoft
Certified Systems Administrator: Security
Microsoft
Certified Systems Engineer: Security
Microsoft
Certified Technology Specialist: Windows Server 2008 Active Directory, Configuration
Microsoft
Certified Technology Specialist: Windows Server 2008 Network Infrastructure, Configuration
Microsoft
Certified Technology Specialist: Windows Server 2008 Applications Infrastructure, Configuration
Microsoft
Certified Technology Specialist: Windows 7, Configuring
Microsoft
Certified Technology Specialist: Designing and Providing Volume Licensing Solutions to Large Organizations
Microsoft
Certified IT Professional: Enterprise Administrator
Microsoft Certified IT Professional: Server Administrator
Microsoft Certified Trainer

Blue Screen of Death of multiple Windows Multipoint Servers at the same time in NUServer64.sys

Hi, we are running
Windows MultiPoint Server 2011 on 4 Dell 9010 machines and 45 Wyse E02 clients connected by 4 switches. Every week we got 2 or 3 random BSoD for all servers at the same time. Memory dump for server 2,3,4 show that the exception is from NUServer64.sys.
Please check below for the system event logs and memory dump analysis output. Any help would be appreciated!
server1:
Warning 11/17/2013 8:55:52 PM
e1cexpress 27
None
Critical 11/17/2013 8:55:48 PM
Kernel-Power 41
(63)
Error 11/17/2013 8:56:08 PM
BugCheck 1001
None
The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0x0000000000000000, 0x0000000000000008, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 111813-19765-01.
Error 11/17/2013 8:56:03 PM
EventLog 6008
None
The previous system shutdown at 12:53:40 on 2013/11/18 was unexpected.
Error 11/17/2013 6:55:49 PM
Disk 11
None
The driver detected a controller error on \Device\Harddisk2\DR2.
Error 11/17/2013 6:55:48 PM
Disk 11
None
The driver detected a controller error on \Device\Harddisk2\DR2.
Warning 11/17/2013 3:42:08 PM
Microsoft-Windows-TerminalServices-Licensing
18 None
server2:
Warning 11/17/2013 8:55:39 PM
e1cexpress 27
None
Critical 11/17/2013 8:55:31 PM
Kernel-Power 41
(63)
Error 11/17/2013 8:55:52 PM
BugCheck 1001
None
The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007e (0xffffffffc0000005, 0xfffff80002c80166, 0xfffff880023397e8, 0xfffff88002339040). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 111813-17518-01.
Error 11/17/2013 8:55:44 PM
EventLog 6008
None
The previous system shutdown at 12:53:53 on 2013/11/18 was unexpected.
Warning 11/17/2013 7:16:07 PM
NUServer64 3
None
server3:
Warning 11/17/2013 8:55:38 PM
Microsoft-Windows-TerminalServices-Licensing
18 None
Error 11/17/2013 8:55:31 PM
BugCheck 1001
None
The computer has rebooted from a bugcheck. The bugcheck was: 0x0000004e (0x000000000000009a, 0x0000000000417c94, 0x0000000000000006, 0x0000000000000002). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 111813-9937-01.
Warning 11/17/2013 8:55:24 PM
e1cexpress 27
None
Critical 11/17/2013 8:55:21 PM
Kernel-Power 41
(63)
Error 11/17/2013 8:55:27 PM
EventLog 6008
None
The previous system shutdown at 12:53:49 on 2013/11/18 was unexpected.
server4:
Warning 11/17/2013 8:55:33 PM
Microsoft-Windows-TerminalServices-Licensing
18 None
Warning 11/17/2013 8:55:09 PM
e1cexpress 27
None
Critical 11/17/2013 8:55:05 PM
Kernel-Power 41
(63)
Error 11/17/2013 8:55:25 PM
BugCheck 1001
None
The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x0000000100000001, 0x0000000000000002, 0x0000000000000001, 0xfffff8000328abe6). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 111813-14055-01.
Error 11/17/2013 8:55:14 PM
EventLog 6008
None
The previous system shutdown at 12:53:21 on 2013/11/18 was unexpected.
Error 11/17/2013 8:51:47 PM
NUServer64 4
None
\Device\NUServer_995D6600
<995D6600_3> Disconnect fail.
Error 11/17/2013 8:51:47 PM
NUServer64 4
None
\Device\NUServer_995D6600
<995D6600_3> Connect fail.
Warning 11/17/2013 8:51:47 PM
NUServer64 3
None
\Device\NUServer_995D6600
<995D6600_3> Connect time-out.
Warning 11/17/2013 8:50:00 PM
NUServer64 3
None
\Device\NUServer_995B9000
<995B9000_3> Hi-Perf socket active clear.
Error 11/17/2013 8:49:25 PM
NUServer64 4
None
\Device\NUServer_995D6600
<995D6600_3> Disconnect fail.
Error 11/17/2013 8:49:25 PM
NUServer64 4
None
\Device\NUServer_995D6600
<995D6600_3> Connect fail.
Warning 11/17/2013 8:49:25 PM
NUServer64 3
None
\Device\NUServer_995D6600
<995D6600_3> Connect time-out.

Memory dumps:
server1:
2: kd> !analyze -v
* Bugcheck Analysis *
KMODE_EXCEPTION_NOT_HANDLED (1e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Arguments:
Arg1: ffffffffc0000005, The exception code that was not handled
Arg2: 0000000000000000, The address that the exception occurred at
Arg3: 0000000000000008, Parameter 0 of the exception
Arg4: 0000000000000000, Parameter 1 of the exception
Debugging Details:
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
FAULTING_IP:
+3031623733386137
00000000`00000000 ?? ???
EXCEPTION_PARAMETER1: 0000000000000008
EXCEPTION_PARAMETER2: 0000000000000000
WRITE_ADDRESS: 0000000000000000
ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
BUGCHECK_STR: 0x1E_c0000005
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
PROCESS_NAME: System
CURRENT_IRQL: 0
TRAP_FRAME: fffff8800c744860 -- (.trap 0xfffff8800c744860)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000000 rbx=0000000000000000 rcx=0000000000000000
rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000
rip=0000000000000000 rsp=fffff8800c7449f0 rbp=0000000000000000
r8=0000000000000000 r9=0000000000000f44 r10=fffff80003602000
r11=0000000000000358 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei ng nz na pe nc
00000000`00000000 ?? ???
Resetting default scope
LAST_CONTROL_TRANSFER: from fffff800036c2738 to fffff80003677bc0
STACK_TEXT:
fffff880`0c743fd8 fffff800`036c2738 : 00000000`0000001e ffffffff`c0000005 00000000`00000000 00000000`00000008 : nt!KeBugCheckEx
fffff880`0c743fe0 fffff800`03677242 : fffff880`0c7447b8 00000000`00000030 fffff880`0c744860 00000000`00000000 : nt! ?? ::FNODOBFM::`string'+0x487ed
fffff880`0c744680 fffff800`03675dba : 00000000`00000008 00000000`00000000 00000009`00000000 00000000`00000030 : nt!KiExceptionDispatch+0xc2
fffff880`0c744860 00000000`00000000 : 00000000`00000030 ffffffff`fffe7960 00000000`00000000 00000000`00000000 : nt!KiPageFault+0x23a
STACK_COMMAND: kb
FOLLOWUP_IP:
nt! ?? ::FNODOBFM::`string'+487ed
fffff800`036c2738 cc int 3
SYMBOL_STACK_INDEX: 1
SYMBOL_NAME: nt! ?? ::FNODOBFM::`string'+487ed
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 521ea035
FAILURE_BUCKET_ID: X64_0x1E_c0000005_nt!_??_::FNODOBFM::_string_+487ed
BUCKET_ID: X64_0x1E_c0000005_nt!_??_::FNODOBFM::_string_+487ed
Followup: MachineOwner
server2:
0: kd> !analyze -v
* Bugcheck Analysis *
SYSTEM_THREAD_EXCEPTION_NOT_HANDLED (7e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Arguments:
Arg1: ffffffffc0000005, The exception code that was not handled
Arg2: fffff80002c80166, The address that the exception occurred at
Arg3: fffff880023397e8, Exception Record Address
Arg4: fffff88002339040, Context Record Address
Debugging Details:
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
FAULTING_IP:
nt!KeSetEvent+16
fffff800`02c80166 f6037f test byte ptr [rbx],7Fh
EXCEPTION_RECORD: fffff880023397e8 -- (.exr 0xfffff880023397e8)
ExceptionAddress: fffff80002c80166 (nt!KeSetEvent+0x0000000000000016)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 0000000000000000
Parameter[1]: 000000010f7f0a50
Attempt to read from address 000000010f7f0a50
CONTEXT: fffff88002339040 -- (.cxr 0xfffff88002339040)
rax=0000000000000000 rbx=000000010f7f0a50 rcx=0000000000000001
rdx=0000000000000000 rsi=fffffa800f7ec050 rdi=fffffa800f7ec1a0
rip=fffff80002c80166 rsp=fffff88002339a20 rbp=000000010f7f0a50
r8=0000000000000000 r9=0000000000000150 r10=fffff80002c06000
r11=fffff88002339a30 r12=0000000000000000 r13=fffffa800de82220
r14=fffffa800f7f0ae0 r15=0000000000000002
iopl=0 nv up ei ng nz na pe nc
cs=0010 ss=0000 ds=002b es=002b fs=0053 gs=002b efl=00010282
nt!KeSetEvent+0x16:
fffff800`02c80166 f6037f test byte ptr [rbx],7Fh ds:002b:00000001`0f7f0a50=??
Resetting default scope
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
PROCESS_NAME: System
CURRENT_IRQL: 0
ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
EXCEPTION_PARAMETER1: 0000000000000000
EXCEPTION_PARAMETER2: 000000010f7f0a50
READ_ADDRESS: 000000010f7f0a50
FOLLOWUP_IP:
NUServer64+65f1
fffff880`0ab8c5f1 488b6c2448 mov rbp,qword ptr [rsp+48h]
BUGCHECK_STR: 0x7E
LAST_CONTROL_TRANSFER: from fffff8800ab8c5f1 to fffff80002c80166
STACK_TEXT:
fffff880`02339a20 fffff880`0ab8c5f1 : 00000000`000003f0 00000001`00000000 fffffa80`0f7ec000 00000000`00000500 : nt!KeSetEvent+0x16
fffff880`02339a90 fffff880`0ab8c8aa : fffffa80`0f7ec1a0 fffffa80`0f7eeb0c fffffa80`0f7ee2c8 00000000`00000002 : NUServer64+0x65f1
fffff880`02339ad0 fffff800`02f721d3 : fffffa80`0f7f0ae0 fffffa80`0f7ec260 fffffa80`0f7ec050 fffffa80`0c72e040 : NUServer64+0x68aa
fffff880`02339b40 fffff800`02c85261 : fffff800`02e21200 fffff800`02f72101 fffffa80`0c72e000 00000000`00000000 : nt!IopProcessWorkItem+0x23
fffff880`02339b70 fffff800`02f182ea : 501a7d4d`a14dcd79 fffffa80`0c72e040 00000000`00000080 fffffa80`0c70b6f0 : nt!ExpWorkerThread+0x111
fffff880`02339c00 fffff800`02c6c8e6 : fffff880`01f42180 fffffa80`0c72e040 fffff880`01f4d0c0 9ae0ec34`00b81aae : nt!PspSystemThreadStartup+0x5a
fffff880`02339c40 00000000`00000000 : fffff880`0233a000 fffff880`02334000 fffff880`02339370 00000000`00000000 : nt!KiStartSystemThread+0x16
SYMBOL_STACK_INDEX: 1
SYMBOL_NAME: NUServer64+65f1
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: NUServer64
IMAGE_NAME: NUServer64.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 4f66a064
STACK_COMMAND: .cxr 0xfffff88002339040 ; kb
FAILURE_BUCKET_ID: X64_0x7E_NUServer64+65f1
BUCKET_ID: X64_0x7E_NUServer64+65f1
Followup: MachineOwner
server3:
0: kd> !analyze -v
* Bugcheck Analysis *
PFN_LIST_CORRUPT (4e)
Typically caused by drivers passing bad memory descriptor lists (ie: calling
MmUnlockPages twice with the same list, etc). If a kernel debugger is
available get the stack trace.
Arguments:
Arg1: 000000000000009a,
Arg2: 0000000000417c94
Arg3: 0000000000000006
Arg4: 0000000000000002
Debugging Details:
BUGCHECK_STR: 0x4E_9a
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
PROCESS_NAME: System
CURRENT_IRQL: 0
LAST_CONTROL_TRANSFER: from fffff80002d629ef to fffff80002cd3bc0
STACK_TEXT:
fffff880`14417968 fffff800`02d629ef : 00000000`0000004e 00000000`0000009a 00000000`00417c94 00000000`00000006 : nt!KeBugCheckEx
fffff880`14417970 fffff800`02e0403b : fffff880`14417a08 fffffa80`10cd1b88 fffff880`144179e0 00000000`000005a0 : nt!MiBadRefCount+0x4f
fffff880`144179b0 fffff800`02e078a7 : fffffa80`12894000 00000000`00000000 fffff6fb`7ea004a0 fffff800`00000001 : nt!MiFreePoolPages+0xa8b
fffff880`14417ac0 fffff880`0ad8d07a : 00000000`00000003 fffffa80`0f4471a0 fffffa80`36747345 fffffa80`00000000 : nt!ExFreePoolWithTag+0x7c7
fffff880`14417b70 fffff800`02f702ea : fffffa80`10cd1a80 00000000`00000080 fffffa80`0c70a740 003f005c`005c0000 : NUServer64+0x1707a
fffff880`14417c00 fffff800`02cc48e6 : fffff800`02e4ee80 fffffa80`10cd1a80 fffff800`02e5ccc0 00310026`00330023 : nt!PspSystemThreadStartup+0x5a
fffff880`14417c40 00000000`00000000 : fffff880`14418000 fffff880`14412000 fffff880`144174b0 00000000`00000000 : nt!KiStartSystemThread+0x16
STACK_COMMAND: kb
FOLLOWUP_IP:
NUServer64+1707a
fffff880`0ad8d07a 440f20c0 mov rax,cr8
SYMBOL_STACK_INDEX: 4
SYMBOL_NAME: NUServer64+1707a
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: NUServer64
IMAGE_NAME: NUServer64.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 4f66a064
FAILURE_BUCKET_ID: X64_0x4E_9a_NUServer64+1707a
BUCKET_ID: X64_0x4E_9a_NUServer64+1707a
Followup: MachineOwner

Blue Screen of Death on boot: ctaud2k.sys

Blue screen of Death on boot: ctaud2k.sys
MEMORY.DMP analysis:
(minidump will follow shortly)
Microsoft (R) Windows Debugger Version 6..000.404 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\WINDOWS\MEMORY.DMP]
Kernel Summary Dump File: Only kernel address space is available
Symbol search path is:
SRV*c:\Tools\WinDbg\WebSymbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows Server 2003 Kernel Version 3790 (Service Pack 2) MP (2 procs) Free
x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 3790.srv03_sp2_gdr.0026-30
Machine Name:
Kernel base = 0xfffff800`0000000 PsLoadedModuleList = 0xfffff800`0d440
Debug session time: Wed Dec 29 03:8:25.609 200 (GMT+)
System Uptime: 0 days 0:0:24.536
Loading Kernel Symbols
Loading User Symbols
PEB is paged out (Peb.Ldr = 00000000`7efdf08). Type ".hh dbgerr00" for
details
Loading unloaded module list
*????? Bugcheck Analysis
Use !analyze -v to get detailed debugging information.
BugCheck 3B, {c0000005, fffffadf8ebb5398, fffffadf8c644c0, 0}
Page ac7d4 not present in the dump file. Type ".hh dbgerr004" for details
Page acb29 not present in the dump file. Type ".hh dbgerr004" for details
*** ERROR: Module load completed but symbols could not be loaded for
ctaud2k.sys
*** ERROR: Module load completed but symbols could not be loaded for
ctprxy2k.sys
PEB is paged out (Peb.Ldr = 00000000`7efdf08). Type ".hh dbgerr00" for
details
PEB is paged out (Peb.Ldr = 00000000`7efdf08). Type ".hh dbgerr00" for
details
Probably caused by : ctaud2k.sys ( ctaud2k+e398 )
Followup: MachineOwner
: kd> !analyze -v
*????? Bugcheck Analysis
SYSTEM_SERVICE_EXCEPTION (3b)
An exception happened while executing a system service routine.
Arguments:
Arg: 00000000c0000005, Exception code that caused the bugcheck
Arg2: fffffadf8ebb5398, Address of the exception record for the exception
that caused the bugcheck
Arg3: fffffadf8c644c0, Address of the context record for the exception that
caused the bugcheck
Arg4: 0000000000000000, zero.
Debugging Details:
Page ac7d4 not present in the dump file. Type ".hh dbgerr004" for details
Page acb29 not present in the dump file. Type ".hh dbgerr004" for details
PEB is paged out (Peb.Ldr = 00000000`7efdf08). Type ".hh dbgerr00" for
details
PEB is paged out (Peb.Ldr = 00000000`7efdf08). Type ".hh dbgerr00" for
details
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx"
referenced memory at "0x%08lx". The memory could not be "%s".
FAULTING_IP:
ctaud2k+e398
fffffadf`8ebb5398 488b02?? mov? rax,qword ptr [rdx]
CONTEXT:? fffffadf8c644c0 -- (.cxr 0xfffffadf8c644c0)
rax=000000000000000 rbx=fffffadf9a6390 rcx=000000000000000
rdx=0000008ffffffff rsi=fffffadf9a63260 rdi=0000000000000000
rip=fffffadf8ebb5398 rsp=fffffadf8c64cd0 rbp=fffffadf99c04330
?r8=fffffadf99c04330? r9=fffffadf9c6ff570 r0=fffffadf99c04330
r=fffffadf8c64d98 r2=0000000000000000 r3=fffffadf8c64d98
r4=000000000000000 r5=fffffadf9a632a8
iopl=0?? nv up ei pl nz na po nc
cs=000? ss=008? ds=002b? es=002b? fs=0053. gs=002b
efl=0000206
ctaud2k+0xe398:
fffffadf`8ebb5398 488b02?? mov? rax,qword ptr [rdx]
ds:002b:0000008`ffffffff=???
Resetting default scope
DEFAULT_BUCKET_ID:? DRIVER_FAULT
BUGCHECK_STR:? 0x3B
PROCESS_NAME:? DLLML.exe
CURRENT_IRQL:? 0
LAST_CONTROL_TRANSFER:? from fffffadf90b88785 to fffffadf8ebb5398
STACK_TEXT:
fffffadf`8c64cd0 fffffadf`90b88785 : 00000000`20206f49 fffff800`005039a
fffffadf`99c04330 fffffadf`9a6390 : ctaud2k+0xe398
fffffadf`8c64d50 fffff800`027f3 : 00000000`0000000 fffffadf`00000000
fffffadf`8c6500 00000000`00000000 : ctprxy2k+0x5785
fffffadf`8c64d90 fffff800`027ec36 : 00000000`0000034 00000000`00000000
00000000`00000000 00000000`00000000 : nt!IopXxxControlFile+0xa79
fffffadf`8c64eb0 fffff800`002e33d : fffffadf`99ee2c20 fffffadf`9c8bbb70
fffffadf`8c64f00 00000000`00000000 : nt!NtDeviceIoControlFile+0x56
fffffadf`8c64f20 00000000`78b83e48 : 00000000`00000000 00000000`00000000
00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x3
00000000`006dd98 fffff800`0026640 : 00000000`00000000 00000000`00000000
00000000`00000000 00000000`00000000 : 0x78b83e48
fffffadf`8c65320 00000000`00000000 : 00000000`00000000 00000000`00000000
00000000`00000000 00000000`00000000 : nt!KiCallUserMode
FOLLOWUP_IP:
ctaud2k+e398
fffffadf`8ebb5398 488b02?? mov? rax,qword ptr [rdx]
SYMBOL_STACK_INDEX:? 0
SYMBOL_NAME:? ctaud2k+e398
FOLLOWUP_NAME:? MachineOwner
MODULE_NAME: ctaud2k
IMAGE_NAME:? ctaud2k.sys
DEBUG_FLR_IMAGE_TIMESTAMP:? 4a26ba
STACK_COMMAND:? .cxr 0xfffffadf8c644c0 ; kb
FAILURE_BUCKET_ID:? X64_0x3B_ctaud2k+e398
BUCKET_ID:? X64_0x3B_ctaud2k+e398
Followup: MachineOwner
Bye,
? Skybuck.

Minidump:
<a rel="nofollow" target="_blank" href="http://members.home.nl/hbthouppermans/MiniDump/Mini2290-0.dmp"]http://members.home.nl/hbthouppermans/MiniDump/Mini2290-0.dmp[/url]
Microsoft (R) Windows Debugger Version 6..000.404 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\WINDOWS\Minidump\Mini2290-0.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is:
SRV*c:\Tools\WinDbg\WebSymbols*<a rel="nofollow" target="_blank" href="http://msdl.microsoft.com/download/symbols"]http://msdl.microsoft.com/download/symbols[/url]
Executable search path is:
Windows Server 2003 Kernel Version 3790 (Service Pack 2) MP (2 procs) Free
x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 3790.srv03_sp2_gdr.0026-30
Machine Name:
Kernel base = 0xfffff800`0000000 PsLoadedModuleList = 0xfffff800`0d440
Debug session time: Wed Dec 29 03:8:25.609 200 (GMT+)
System Uptime: 0 days 0:0:24.536
Loading Kernel Symbols
Loading User Symbols
Loading unloaded module list
*????? Bugcheck Analysis
Use !analyze -v to get detailed debugging information.
BugCheck 3B, {c0000005, fffffadf8ebb5398, fffffadf8c644c0, 0}
Unable to load image \SystemRoot\system32\drivers\ctaud2k.sys, Win32 error
0n2
*** WARNING: Unable to verify timestamp for ctaud2k.sys
*** ERROR: Module load completed but symbols could not be loaded for
ctaud2k.sys
Probably caused by : ctaud2k.sys ( ctaud2k+e398 )
Followup: MachineOwner
: kd> !analyze -v
*????? Bugcheck Analysis
SYSTEM_SERVICE_EXCEPTION (3b)
An exception happened while executing a system service routine.
Arguments:
Arg: 00000000c0000005, Exception code that caused the bugcheck
Arg2: fffffadf8ebb5398, Address of the exception record for the exception
that caused the bugcheck
Arg3: fffffadf8c644c0, Address of the context record for the exception that
caused the bugcheck
Arg4: 0000000000000000, zero.
Debugging Details:
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx"
referenced memory at "0x%08lx". The memory could not be "%s".
FAULTING_IP:
ctaud2k+e398
fffffadf`8ebb5398 ??
CONTEXT:? fffffadf8c644c0 -- (.cxr 0xfffffadf8c644c0)
rax=000000000000000 rbx=fffffadf9a6390 rcx=000000000000000
rdx=0000008ffffffff rsi=fffffadf9a63260 rdi=0000000000000000
rip=fffffadf8ebb5398 rsp=fffffadf8c64cd0 rbp=fffffadf99c04330
?r8=fffffadf99c04330? r9=fffffadf9c6ff570 r0=fffffadf99c04330
r=fffffadf8c64d98 r2=0000000000000000 r3=fffffadf8c64d98
r4=000000000000000 r5=fffffadf9a632a8
iopl=0?? nv up ei pl nz na po nc
cs=000? ss=008? ds=002b? es=002b? fs=0053. gs=002b
efl=0000206
ctaud2k+0xe398:
fffffadf`8ebb5398 ??
Resetting default scope
CUSTOMER_CRASH_COUNT:?
DEFAULT_BUCKET_ID:? DRIVER_FAULT
BUGCHECK_STR:? 0x3B
PROCESS_NAME:? DLLML.exe
CURRENT_IRQL:? 0
LAST_CONTROL_TRANSFER:? from 0000000000000000 to fffffadf8ebb5398
STACK_TEXT:
fffffadf`8c64cd0 00000000`00000000 : fffff800`00000000 00000000`00000000
00000000`00000000 00000000`20206f49 : ctaud2k+0xe398
FOLLOWUP_IP:
ctaud2k+e398
fffffadf`8ebb5398 ??
SYMBOL_STACK_INDEX:? 0
SYMBOL_NAME:? ctaud2k+e398
FOLLOWUP_NAME:? MachineOwner
MODULE_NAME: ctaud2k
IMAGE_NAME:? ctaud2k.sys
DEBUG_FLR_IMAGE_TIMESTAMP:? 4a26ba
STACK_COMMAND:? .cxr 0xfffffadf8c644c0 ; kb
FAILURE_BUCKET_ID:? X64_0x3B_ctaud2k+e398
BUCKET_ID:? X64_0x3B_ctaud2k+e398
Followup: MachineOwner
Bye,
? Skybuck.

Windows 8 Pro (64 Bit) error/crash: DRIVER_IRQL_NOT_LESS_OR_EQUAL (tcpip.sys)

Hi,
I bought a new computer with Windows 8 Pro (64 Bit) in February/March 2013 and it has crashed almost every day I've had it (it crashes at least every two days). Despite constantly sending the details of the crash through to Microsoft it doesn't seems
to have been addressed. The error message that pops up every time is the same. It is on a blue screen and says:
"Your computer has encountered an error and needs to restart :(
DRIVER_IRQL_NOT_LESS_OR_EQUAL (tcpip.sys)"
Can someone please explain what I need to do to fix this? I am not a tech head so some step by step instructions would be great. Can i (re)install new drivers etc or is this a common fault of Windows 8? This is driving me crazy. It
certainly doesn't make me feel like I have a new computer that's for sure!
I just read one post that suggested someone's fault ma be because of antivirus software AVG Internet Security 2013 (which I have). How can I find out iof this is the case? And if this software doesn't work with Windows 8 does anyone know
what is the best to use with Windows 8?
Any help would be massively appreciated.
Cheers,
rdtro1

* Bugcheck Analysis *
DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: 0000000000000000, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000000, value 0 = read operation, 1 = write operation
Arg4: fffff88001b83e58, address which referenced memory
Debugging Details:
READ_ADDRESS: GetPointerFromAddress: unable to read from fffff800197d7168
GetUlongFromAddress: unable to read from fffff800197d71f8
0000000000000000 Nonpaged pool
CURRENT_IRQL: 2
FAULTING_IP:
tcpip!FlpReturnNetBufferListChain+e2738
fffff880`01b83e58 488b01 mov rax,qword ptr [rcx]
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT
BUGCHECK_STR: AV
PROCESS_NAME: System
ANALYSIS_VERSION: 6.3.9600.16384 (debuggers(dbg).130821-1623) amd64fre
TRAP_FRAME: fffff88002b38880 -- (.trap 0xfffff88002b38880)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=fffffa8004f6fc40 rbx=0000000000000000 rcx=0000000000000000
rdx=fffffa8004f6fc41 rsi=0000000000000000 rdi=0000000000000000
rip=fffff88001b83e58 rsp=fffff88002b38a10 rbp=0000000000000000
r8=fffffa8004f6fc40 r9=0000000000000000 r10=fffff88001400e80
r11=fffffa80061113d0 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei ng nz na pe nc
tcpip!FlpReturnNetBufferListChain+0xe2738:
fffff880`01b83e58 488b01 mov rax,qword ptr [rcx] ds:00000000`00000000=????????????????
Resetting default scope
LAST_CONTROL_TRANSFER: from fffff800194d8769 to fffff800194d9440
STACK_TEXT:
00 nt!KeBugCheckEx
01 nt!KiBugCheckDispatch
02 nt!KiPageFault
03 tcpip!FlpReturnNetBufferListChain
04 NETIO!NetioDereferenceNetBufferList
05 fwpkclnt!FwppDereferenceNetioNetBufferList
06 fwpkclnt!FwpsDereferenceNetBufferList0
07 tunnel!TunnelUserRestoreAndFreeNblAndNbState
08 tunnel!TunnelUserReturnNetBufferLists
09 ndis!ndisInvokeNextReceiveCompleteHandler
0a ndis!NdisReturnNetBufferLists
0b tcpip!FlpReturnNetBufferListChain
0c NETIO!NetioDereferenceNetBufferListChain
0d tcpip!TcpFlushDelay
0e tcpip!TcpPreValidatedReceive
0f tcpip!IppDeliverListToProtocol
10 tcpip!IppProcessDeliverList
11 tcpip!IppReceiveHeaderBatch
12 tcpip!IpFlcReceivePackets
13 tcpip!FlpReceiveNonPreValidatedNetBufferListChain
14 tcpip!FlReceiveNetBufferListChainCalloutRoutine
15 nt!KeExpandKernelStackAndCalloutInternal
16 nt!KeExpandKernelStackAndCalloutEx
17 tcpip!FlReceiveNetBufferListChain
18 ndis!ndisMIndicateNetBufferListsToOpen
19 ndis!ndisInvokeNextReceiveHandler
1a ndis!NdisMIndicateReceiveNetBufferLists
1b tunnel!TeredoWfpIndicationWorker
1c tunnel!LwWorker
1d nt!IopProcessWorkItem
1e nt!ExpWorkerThread
1f nt!PspSystemThreadStartup
20 nt!KiStartSystemThread
Image path: \SystemRoot\system32\DRIVERS\tunnel.sys
Image name: tunnel.sys
Browse all global symbols functions data
Timestamp: Thu Jul 26 04:23:04 2012 (5010AA08)
CheckSum: 000296F2
ImageSize: 0002C000
File version: 6.2.9200.16384
Product version: 6.2.9200.16384
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 3.6 Driver
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: tunnel.sys
OriginalFilename: tunnel.sys
ProductVersion: 6.2.9200.16384
FileVersion: 6.2.9200.16384 (win8_rtm.120725-1247)
FileDescription: Microsoft Tunnel Interface Driver
LegalCopyright: © Microsoft Corporation. All rights reserved.
Disable the Teredo Tunneling Pseudo-interface 6to4 Adapter
How to Disable Teredo Tunneling Pseudo-interface 6to4 Adapter
http://blogs.msdn.com/b/richin/archive/2010/11/26/how-to-disable-teredo-tunneling-pseudo-interface-6to4-adapter.aspx
Does this fix it?
"A programmer is just a tool which converts caffeine into code"

Win 8.1 BSOD MEMORY_MANAGEMENT (0x1a_3453) - Potential iastor.sys (Intel ICH9R) issue

After upgrading to Windows 8, then 8.1 from Windows 7 I have been experiencing frequent BSOD halts that appear to be related to the storage driver. Version 12.8 of the intel driver and utility has been used up until now. I have tried an older version (10.8)
of the driver and utility as that was reported to work will with Win 8. I have also (and currently) upgraded to the latest driver 12.9.0.1001 which was released only a few months ago. The issue appears to occur when the system is under high load for
extended periods (e.g. video rendering or extended game play). My guess is that as it's a memory management issue related to when the swap file is being extensively used.
I have a large number of mini-dumps available all with the same error id, and same sub-type. I have scanned the pc to confirm no infections, rootkits or other malware appear to be contributing to this issue. Suggestions or a fix would be greatly appreciated!
Here is some data from the latest full dump:
0: kd> .symfix
0: kd> .reload
Loading Kernel Symbols
Loading User Symbols
Loading unloaded module list
0: kd> !analyze -vv
*                        Bugcheck Analysis
MEMORY_MANAGEMENT (1a)
    # Any other values for parameter 1 must be individually examined.
Arguments:
Arg1: 0000000000003453, The subtype of the bugcheck.
Arg2: ffffe00001bae2c0
Arg3: 0000000000125529
Arg4: 0000000000000004
Debugging Details:
BUILD_VERSION_STRING: 9600.16452.amd64fre.winblue_gdr.131030-1505
SYSTEM_MANUFACTURER: System manufacturer
SYSTEM_PRODUCT_NAME: System manufacturer
BIOS_VENDOR: American Megatrends Inc.
BIOS_VERSION: 1403
BASEBOARD_MANUFACTURER: ASUSTeK Computer INC.
OVERLAPPED_UNLOADED_MODULE: Address regions for 'dump_iaStorA'
and 'dump_iaStorA.sys (unloaded)' overlap
BUGCHECK_STR: 0x1a_3453
CPU_MICROCODE: 6,f,b,0 (F,M,S,R) SIG: C1'00000000 (cache) C1'00000000 (init)
DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT
PROCESS_NAME: System
CURRENT_IRQL: 0
ANALYSIS_SESSION_HOST: SILENTBOB
ANALYSIS_SESSION_TIME: 01-04-2014 00:07:43.0544
ANALYSIS_VERSION: 6.3.9600.16384 (debuggers(dbg).130821-1623) amd64fre
LAST_CONTROL_TRANSFER: from fffff8021b1ff0a5 to fffff8021b1cdca0
STACK_TEXT:
ffffd000`21a4a8b8 fffff802`1b1ff0a5 : 00000000`0000001a 00000000`00003453 ffffe000`01bae2c0 00000000`00125529 : nt!KeBugCheckEx
ffffd000`21a4a8c0 fffff802`1b472fed : ffffffff`ffffffff ffffe000`06eae0b0 ffffe000`04e98a60 ffffe000`01bae5a8 : nt! ?? ::FNODOBFM::`string'+0x20f05
ffffd000`21a4a960 fffff802`1b472ae9 : ffffe000`01bae2c0 ffffe000`04e98a60 ffffe000`01bae5a8 00000000`00000001 : nt!MmDeleteProcessAddressSpace+0x35
ffffd000`21a4a9a0 fffff802`1b4aebf8 : 00000000`00000000 00000000`00000000 ffffe000`01bae2c0 ffffe000`000c32f0 : nt!PspProcessDelete+0x199
ffffd000`21a4aa40 fffff802`1b0bb60f : 00000000`00000000 ffffd000`21a4ab69 ffffe000`01bae2c0 ffffe000`07eee000 : nt!ObpRemoveObjectRoutine+0x64
ffffd000`21a4aaa0 fffff802`1b10a3d2 : ffffe000`07eee000 ffffe000`07eeede8 ffffe000`07eeeff8 ffffe000`07eee048 : nt!ObfDereferenceObject+0x8f
ffffd000`21a4aae0 fffff802`1b4769b5 : 00000000`00000000 00000000`00000000 ffffd000`21a4ab69 ffffe000`07eeede8 : nt!MmFreeAccessPfnBuffer+0x22
ffffd000`21a4ab10 fffff802`1b6805ce : 00000000`00000001 fffff802`1b31f928 00000000`00000000 ffffe000`00000000 : nt!PfpFlushBuffers+0x24d
ffffd000`21a4abd0 fffff802`1b10d2e4 : 00000000`00000000 ffffe000`04e98740 ffffe000`04e98740 ffffe000`000ee900 : nt!PfTLoggingWorker+0x156
ffffd000`21a4ad40 fffff802`1b1d42c6 : ffffd000`201d5180 ffffe000`04e98740 ffffd000`201e11c0 ffffc000`04accdd0 : nt!PspSystemThreadStartup+0x58
ffffd000`21a4ada0 00000000`00000000 : ffffd000`21a4b000 ffffd000`21a45000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x16
STACK_COMMAND: kb
FOLLOWUP_IP:
nt! ?? ::FNODOBFM::`string'+20f05
fffff802`1b1ff0a5 cc              int     3
FAULT_INSTR_CODE: 85c6ffcc
SYMBOL_STACK_INDEX: 1
SYMBOL_NAME: nt! ?? ::FNODOBFM::`string'+20f05
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 52718d9c
BUCKET_ID_FUNC_OFFSET: 20f05
FAILURE_BUCKET_ID: 0x1a_3453_VRF_nt!_??_::FNODOBFM::_string_
BUCKET_ID: 0x1a_3453_VRF_nt!_??_::FNODOBFM::_string_
ANALYSIS_SESSION_ELAPSED_TIME: fdb
ANALYSIS_SOURCE: KM
FAILURE_ID_HASH_STRING: km:0x1a_3453_vrf_nt!_??_::fnodobfm::_string_
FAILURE_ID_HASH: {218cdcfe-f420-cf6d-10b1-e3e8392a9d9e}
Followup: MachineOwner
0: kd> kb
RetAddr           : Args to Child
: Call Site
fffff802`1b1ff0a5 : 00000000`0000001a 00000000`00003453 ffffe000`01bae2c0 00000000`00125529 : nt!KeBugCheckEx
fffff802`1b472fed : ffffffff`ffffffff ffffe000`06eae0b0 ffffe000`04e98a60 ffffe000`01bae5a8 : nt! ?? ::FNODOBFM::`string'+0x20f05
fffff802`1b472ae9 : ffffe000`01bae2c0 ffffe000`04e98a60 ffffe000`01bae5a8 00000000`00000001 : nt!MmDeleteProcessAddressSpace+0x35
fffff802`1b4aebf8 : 00000000`00000000 00000000`00000000 ffffe000`01bae2c0 ffffe000`000c32f0 : nt!PspProcessDelete+0x199
fffff802`1b0bb60f : 00000000`00000000 ffffd000`21a4ab69 ffffe000`01bae2c0 ffffe000`07eee000 : nt!ObpRemoveObjectRoutine+0x64
fffff802`1b10a3d2 : ffffe000`07eee000 ffffe000`07eeede8 ffffe000`07eeeff8 ffffe000`07eee048 : nt!ObfDereferenceObject+0x8f
fffff802`1b4769b5 : 00000000`00000000 00000000`00000000 ffffd000`21a4ab69 ffffe000`07eeede8 : nt!MmFreeAccessPfnBuffer+0x22
fffff802`1b6805ce : 00000000`00000001 fffff802`1b31f928 00000000`00000000 ffffe000`00000000 : nt!PfpFlushBuffers+0x24d
fffff802`1b10d2e4 : 00000000`00000000 ffffe000`04e98740 ffffe000`04e98740 ffffe000`000ee900 : nt!PfTLoggingWorker+0x156
fffff802`1b1d42c6 : ffffd000`201d5180 ffffe000`04e98740 ffffd000`201e11c0 ffffc000`04accdd0 : nt!PspSystemThreadStartup+0x58
00000000`00000000 : ffffd000`21a4b000 ffffd000`21a45000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x16
0: kd> dv
Unable to enumerate locals, HRESULT 0x80004005
Private symbols (symbols.pri) are required for locals.
Type ".hh dbgerr005" for details.

You may have read this thread?
http://answers.microsoft.com/en-us/windows/forum/windows_8-system/bsod-power-driver-state-failure-iastorasys/4643832c-e2b6-49ca-b646-6ff135bc30f9?msgId=e7295c77-5107-4bb2-843b-3326b3786ee8
Have you run the Memtest86 tool for testing memories?
http://www.memtest.org/

The computer has rebooted from a bugcheck. The bugcheck was: 0x00000050 (0xe3045048, 0x00000000, 0x819c02bf, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: %3.

Hello Guys,
I hope someone can help me with this error. I have been searching from forums but typically, causes and resolutions are generalized. This is the first time it happened on our Win 2008 Server and we have not installed any (hardware/Software/Drivers)
for the past 3 years.
We do install monthly security patches and that is it... This server of ours is running on VM (VMWARE).
I hope you can shed light as I do not understand crash dumps..
Thank you
===============================
Opened log file 'c:\debuglogrlo.txt'
3: kd> .sympath srv*c:\symbols*http://msdl.microsoft.com/download/symbols
Symbol search path is: srv*c:\symbols*http://msdl.microsoft.com/download/symbols
Expanded Symbol search path is: srv*c:\symbols*http://msdl.microsoft.com/download/symbols
************* Symbol Path validation summary **************
Response                         Time (ms)     Location
Deferred                                       srv*c:\symbols*http://msdl.microsoft.com/download/symbols
3: kd> .reload;!analyze -v;r;kv;lmnt;.logclose;q
Loading Kernel Symbols
Loading User Symbols
Loading unloaded module list
*                        Bugcheck Analysis
PAGE_FAULT_IN_NONPAGED_AREA (50)
Invalid system memory was referenced. This cannot be protected by try-except,
it must be protected by a Probe. Typically the address is just plain bad or it
is pointing at freed memory.
Arguments:
Arg1: e3045048, memory referenced.
Arg2: 00000000, value 0 = read operation, 1 = write operation.
Arg3: 819c02bf, If non-zero, the instruction address which referenced the bad memory
address.
Arg4: 00000000, (reserved)
Debugging Details:
READ_ADDRESS: e3045048
FAULTING_IP:
nt!CmpCheckKey+61b
819c02bf 394724          cmp     dword ptr [edi+24h],eax
MM_INTERNAL_CODE: 0
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0x50
PROCESS_NAME: System
CURRENT_IRQL: 0
ANALYSIS_VERSION: 6.3.9600.17029 (debuggers(dbg).140219-1702) x86fre
TRAP_FRAME: 8d9bf9ec -- (.trap 0xffffffff8d9bf9ec)
.trap 0xffffffff8d9bf9ec
ErrCode = 00000000
eax=00000000 ebx=cecec024 ecx=3162f75f edx=00000035 esi=b52b1940 edi=e3045024
eip=819c02bf esp=8d9bfa60 ebp=8d9bfa8c iopl=0         nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000             efl=00010246
nt!CmpCheckKey+0x61b:
819c02bf 394724          cmp     dword ptr [edi+24h],eax ds:0023:e3045048=????????
.trap
Resetting default scope
LAST_CONTROL_TRANSFER: from 81891de4 to 818dc292
STACK_TEXT:
8d9bf9d4 81891de4 00000000 e3045048 00000000 nt!MmAccessFault+0x10b
8d9bf9d4 819c02bf 00000000 e3045048 00000000 nt!KiTrap0E+0xdc
8d9bfa8c 819c681a 01000001 009c4020 009c3f70 nt!CmpCheckKey+0x61b
8d9bfabc 819c6e48 b52b1940 01000001 00000006 nt!CmpCheckRegistry2+0x8c
8d9bfb04 819c186e 01000001 8d9bfc60 80002f38 nt!CmCheckRegistry+0xf5
8d9bfb60 819c3fdd 8d9bfbb4 00000005 00000000 nt!CmpInitializeHive+0x4c1
8d9bfbd8 819c627d 8d9bfc60 00000000 8d9bfc4c nt!CmpInitHiveFromFile+0x19e
8d9bfc18 819bc4c5 8d9bfc60 00000000 8d9bfc7b nt!CmpCmdHiveOpen+0x36
8d9bfd14 819bc6fa 00000002 8193c5a0 00000002 nt!CmpFlushBackupHive+0x2fd
8d9bfd38 81a9bcbd 8194613c 84da3020 818e9d4a nt!CmpSyncBackupHives+0x90
8d9bfd44 818e9d4a 00000000 00000000 84da3020 nt!CmpPeriodicBackupFlushWorker+0x32
8d9bfd7c 81a1a01c 00000000 bcf90a9f 00000000 nt!ExpWorkerThread+0xfd
8d9bfdc0 81882eee 818e9c4d 00000001 00000000 nt!PspSystemThreadStartup+0x9d
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!CmpCheckKey+61b
819c02bf 394724          cmp     dword ptr [edi+24h],eax
SYMBOL_STACK_INDEX: 2
SYMBOL_NAME: nt!CmpCheckKey+61b
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrpamp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 51da1840
IMAGE_VERSION: 6.0.6002.18881
FAILURE_BUCKET_ID: 0x50_nt!CmpCheckKey+61b
BUCKET_ID: 0x50_nt!CmpCheckKey+61b
ANALYSIS_SOURCE: KM
FAILURE_ID_HASH_STRING: km:0x50_nt!cmpcheckkey+61b
FAILURE_ID_HASH: {b0c48432-dfba-c9e0-33fc-874f17d1f0e6}
Followup: MachineOwner
eax=8d948120 ebx=00000000 ecx=81944200 edx=000003f0 esi=8d94813c edi=00000000
eip=818dc292 esp=8d9bf960 ebp=8d9bf9d4 iopl=0         nv up ei pl nz na po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000             efl=00000202
nt!MmAccessFault+0x10b:
818dc292 8b03            mov     eax,dword ptr [ebx] ds:0023:00000000=????????
ChildEBP RetAddr Args to Child
8d9bf9d4 81891de4 00000000 e3045048 00000000 nt!MmAccessFault+0x10b
8d9bf9d4 819c02bf 00000000 e3045048 00000000 nt!KiTrap0E+0xdc (FPO: [0,0] TrapFrame @ 8d9bf9ec)
8d9bfa8c 819c681a 01000001 009c4020 009c3f70 nt!CmpCheckKey+0x61b
8d9bfabc 819c6e48 b52b1940 01000001 00000006 nt!CmpCheckRegistry2+0x8c
8d9bfb04 819c186e 01000001 8d9bfc60 80002f38 nt!CmCheckRegistry+0xf5
8d9bfb60 819c3fdd 8d9bfbb4 00000005 00000000 nt!CmpInitializeHive+0x4c1
8d9bfbd8 819c627d 8d9bfc60 00000000 8d9bfc4c nt!CmpInitHiveFromFile+0x19e
8d9bfc18 819bc4c5 8d9bfc60 00000000 8d9bfc7b nt!CmpCmdHiveOpen+0x36
8d9bfd14 819bc6fa 00000002 8193c5a0 00000002 nt!CmpFlushBackupHive+0x2fd
8d9bfd38 81a9bcbd 8194613c 84da3020 818e9d4a nt!CmpSyncBackupHives+0x90
8d9bfd44 818e9d4a 00000000 00000000 84da3020 nt!CmpPeriodicBackupFlushWorker+0x32 (FPO: [1,0,2])
8d9bfd7c 81a1a01c 00000000 bcf90a9f 00000000 nt!ExpWorkerThread+0xfd
8d9bfdc0 81882eee 818e9c4d 00000001 00000000 nt!PspSystemThreadStartup+0x9d
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16
start    end        module name
8060e000 80615000   kdcom    kdcom.dll    Sat Apr 11 14:25:29 2009 (49E037D9)
80615000 80685000   mcupdate_GenuineIntel mcupdate_GenuineIntel.dll Sat Apr 11 14:23:19 2009 (49E03757)
80685000 80696000   PSHED    PSHED.dll    Sat Apr 11 14:25:32 2009 (49E037DC)
80696000 8069e000   BOOTVID BOOTVID.dll Sat Jan 19 15:27:15 2008 (4791A653)
8069e000 806df000   CLFS     CLFS.SYS     Sat Apr 11 12:13:51 2009 (49E018FF)
806df000 807bf000   CI       CI.dll       Sat Apr 11 14:25:22 2009 (49E037D2)
807d7000 807e5000   WDFLDR   WDFLDR.SYS   Thu Jul 26 10:36:38 2012 (5010AD36)
807e5000 807fc000   dfsc     dfsc.sys     Thu Apr 14 22:59:03 2011 (4DA70BB7)
81811000 81844000   hal      halmacpi.dll Sat Apr 11 12:13:13 2009 (49E018D9)
81844000 81bfe000   nt       ntkrpamp.exe Mon Jul 08 09:39:12 2013 (51DA1840)
81e01000 81f0c000   NDIS     NDIS.SYS     Sat Apr 11 12:45:52 2009 (49E02080)
81f0c000 81f37000   msrpc    msrpc.sys    Sat Apr 11 12:37:32 2009 (49E01E8C)
81f37000 81f72000   NETIO    NETIO.SYS    Sat Apr 11 12:46:21 2009 (49E0209D)
81f72000 81ff3000   Wdf01000 Wdf01000.sys Sat Jun 22 10:29:37 2013 (51C50C11)
8c805000 8c84b000   acpi     acpi.sys     Sat Apr 11 12:19:03 2009 (49E01A37)
8c84b000 8c854000   WMILIB   WMILIB.SYS   Sat Jan 19 13:53:08 2008 (47919044)
8c854000 8c85c000   msisadrv msisadrv.sys Sat Jan 19 13:32:51 2008 (47918B83)
8c85c000 8c883000   pci      pci.sys      Sat Apr 11 12:19:16 2009 (49E01A44)
8c883000 8c892000   partmgr partmgr.sys Sat Apr 11 12:39:19 2009 (49E01EF7)
8c892000 8c894900   compbatt compbatt.sys Sat Jan 19 13:32:47 2008 (47918B7F)
8c895000 8c89f000   BATTC    BATTC.SYS    Sat Jan 19 13:32:45 2008 (47918B7D)
8c89f000 8c8ae000   volmgr   volmgr.sys   Sat Jan 19 13:49:51 2008 (47918F7F)
8c8ae000 8c8f8000   volmgrx volmgrx.sys Sat Apr 11 12:39:25 2009 (49E01EFD)
8c8f8000 8c8ff000   intelide intelide.sys Sat Jan 19 13:49:42 2008 (47918F76)
8c8ff000 8c90d000   PCIIDEX PCIIDEX.SYS Sat Apr 11 12:39:09 2009 (49E01EED)
8c90d000 8c91cb80   vmci     vmci.sys     Tue May 01 09:12:40 2012 (4F9F3888)
8c91d000 8c92d000   mountmgr mountmgr.sys Sat Jan 19 13:49:13 2008 (47918F59)
8c92d000 8c93a580   vsock    vsock.sys    Sat Sep 29 12:59:03 2012 (50668017)
8c93b000 8c943000   atapi    atapi.sys    Sat Apr 11 12:39:09 2009 (49E01EED)
8c943000 8c961000   ataport ataport.SYS Sat Apr 11 12:39:10 2009 (49E01EEE)
8c961000 8c979000   lsi_sas lsi_sas.sys Sat Jun 30 09:01:01 2007 (4685AB4D)
8c979000 8c9ba000   storport storport.sys Sat Apr 11 12:39:19 2009 (49E01EF7)
8c9ba000 8c9ec000   fltmgr   fltmgr.sys   Sat Apr 11 12:13:59 2009 (49E01907)
8ca0d000 8ca6c000   SYMDS    SYMDS.SYS    Tue Jul 24 06:57:53 2012 (500DD6F1)
8ca6c000 8ca95000   vsepflt vsepflt.sys Tue Oct 30 18:37:14 2012 (508FADDA)
8ca95000 8cb7d000   SYMEFA   SYMEFA.SYS   Thu Oct 04 02:59:21 2012 (506C8B09)
8cb7d000 8cbef000   ksecdd   ksecdd.sys   Sat Jun 02 05:56:07 2012 (4FC93A77)
8cc0a000 8ccf4000   tcpip    tcpip.sys    Fri Jul 05 10:08:19 2013 (51D62A93)
8ccf4000 8cd0f000   fwpkclnt fwpkclnt.sys Sat Apr 11 12:45:42 2009 (49E02076)
8cd0f000 8cd16e00   storflt storflt.sys Sun Nov 18 10:29:44 2007 (473FA398)
8cd17000 8cd2a000   i8042prt i8042prt.sys Sat Jan 19 13:49:17 2008 (47918F5D)
8cd2a000 8cd35000   mouclass mouclass.sys Sat Jan 19 13:49:14 2008 (47918F5A)
8cd35000 8cd4d000   parport parport.sys Sat Jan 19 13:49:32 2008 (47918F6C)
8cd4d000 8cd67000   serial   serial.sys   Sat Jan 19 13:49:34 2008 (47918F6E)
8cd67000 8cd71000   serenum serenum.sys Sat Jan 19 13:49:29 2008 (47918F69)
8cd71000 8cd7c000   fdc      fdc.sys      Sat Jan 19 13:49:37 2008 (47918F71)
8cd7c000 8cd94000   cdrom    cdrom.sys    Sat Apr 11 12:39:17 2009 (49E01EF5)
8cd94000 8cdc2000   vm3dmp   vm3dmp.sys   Fri Oct 19 02:55:17 2012 (50805095)
8cdc2000 8cdd8000   tdx      tdx.sys      Sat Apr 11 12:45:56 2009 (49E02084)
8cdd8000 8cdf6000   EraserUtilRebootDrv EraserUtilRebootDrv.sys Thu Oct 10 04:46:53 2013 (5255C0BD)
8ce09000 8cf19000   Ntfs     Ntfs.sys     Sun Mar 03 05:02:58 2013 (51326902)
8cf19000 8cf52000   volsnap volsnap.sys Thu Aug 16 21:53:34 2012 (502CFB5E)
8cf52000 8cf5a000   spldr    spldr.sys    Fri Jun 22 08:29:17 2007 (467B17DD)
8cf5a000 8cf69000   mup      mup.sys      Sat Apr 11 12:14:12 2009 (49E01914)
8cf69000 8cf7a000   disk     disk.sys     Sat Apr 11 12:39:14 2009 (49E01EF2)
8cf7a000 8cf9b000   CLASSPNP CLASSPNP.SYS Sat Apr 11 12:39:05 2009 (49E01EE9)
8cf9b000 8cfab000   agp440   agp440.sys   Sat Jan 19 13:32:49 2008 (47918B81)
8cfab000 8cfb4000   crcdisk crcdisk.sys Sat Jan 19 13:50:29 2008 (47918FA5)
8cfe3000 8cfee000   tunnel   tunnel.sys   Sat Jan 19 13:55:50 2008 (479190E6)
8cfee000 8cff9000   kbdclass kbdclass.sys Sat Jan 19 13:49:14 2008 (47918F5A)
8cff9000 8cffa380   vmmouse vmmouse.sys Mon Jun 04 17:15:28 2012 (4FCC7CB0)
92404000 924a4000   dxgkrnl dxgkrnl.sys Thu Aug 01 09:31:36 2013 (51F9BA78)
924a4000 924b0000   watchdog watchdog.sys Sat Apr 11 12:22:43 2009 (49E01B13)
924b0000 924cd000   E1G60I32 E1G60I32.sys Wed Aug 08 00:14:13 2007 (46B89A55)
924cd000 924d0780   CmBatt   CmBatt.sys   Sat Jan 19 13:32:47 2008 (47918B7F)
924d1000 924e0000   intelppm intelppm.sys Sat Jan 19 13:27:20 2008 (47918A38)
924e0000 924e0c80   lmimirr lmimirr.sys Wed Apr 11 06:32:11 2007 (461C106B)
924e1000 92502000   VIDEOPRT VIDEOPRT.SYS Sat Jan 19 13:52:10 2008 (4791900A)
92502000 92531000   msiscsi msiscsi.sys Sat Apr 11 12:40:07 2009 (49E01F27)
92531000 9253c000   TDI      TDI.SYS      Sat Jan 19 13:57:10 2008 (47919136)
9253c000 92553000   rasl2tp rasl2tp.sys Sat Jan 19 13:56:33 2008 (47919111)
92553000 9255e000   ndistapi ndistapi.sys Sat Jan 19 13:56:24 2008 (47919108)
9255e000 92581000   ndiswan ndiswan.sys Sat Apr 11 12:46:31 2009 (49E020A7)
92581000 92590000   raspppoe raspppoe.sys Sat Apr 11 12:46:30 2009 (49E020A6)
92590000 925a4000   raspptp raspptp.sys Sat Jan 19 13:56:34 2008 (47919112)
925a4000 925b9000   rassstp rassstp.sys Sat Apr 11 12:46:40 2009 (49E020B0)
925b9000 925e3000   SYMEVENT SYMEVENT.SYS Wed Aug 22 13:32:47 2012 (50346EFF)
925e3000 925f1000   Npfs     Npfs.SYS     Sat Apr 11 12:14:01 2009 (49E01909)
92a0a000 92a93000   rdpdr    rdpdr.sys    Sat Apr 11 12:52:32 2009 (49E02210)
92a93000 92aa3000   termdd   termdd.sys   Sat Apr 11 12:51:14 2009 (49E021C2)
92aa3000 92aa4380   swenum   swenum.sys   Sat Jan 19 13:49:20 2008 (47918F60)
92aa5000 92acf000   ks       ks.sys       Sat Apr 11 12:38:47 2009 (49E01ED7)
92acf000 92ad9000   mssmbios mssmbios.sys Sat Jan 19 13:32:55 2008 (47918B87)
92ad9000 92ae6000   umbus    umbus.sys    Sat Jan 19 13:53:40 2008 (47919064)
92ae6000 92af0000   flpydisk flpydisk.sys Sat Jan 19 13:49:37 2008 (47918F71)
92af0000 92b01000   NDProxy NDProxy.SYS Sat Jan 19 13:56:28 2008 (4791910C)
92b01000 92b25000   ccSetx86 ccSetx86.sys Fri Aug 17 05:15:38 2012 (502D62FA)
92b25000 92bb8000   SRTSP    SRTSP.SYS    Fri Nov 02 04:14:38 2012 (5092D82E)
92bb8000 92bc8000   SRTSPX   SRTSPX.SYS   Wed Nov 16 06:27:18 2011 (4EC2E746)
92bc8000 92bf5000   Ironx86 Ironx86.SYS Tue Jul 24 08:34:17 2012 (500DED89)
93600000 93609000   rasacd   rasacd.sys   Sat Jan 19 13:56:31 2008 (4791910F)
93609000 93790e00   NAVEX15 NAVEX15.SYS Fri Aug 23 03:57:57 2013 (52166D45)
937a9000 937b7000   SymEPSecFlt SymEPSecFlt.sys Wed Mar 14 22:36:50 2012 (4F60AD02)
937b7000 937c0000   Fs_Rec   Fs_Rec.SYS   Wed Feb 29 21:32:36 2012 (4F4E28F4)
937c0000 937c7000   Null     Null.SYS     Sat Jan 19 13:49:12 2008 (47918F58)
937c7000 937ce000   Beep     Beep.SYS     Sat Jan 19 13:49:10 2008 (47918F56)
937ce000 937d5980   vmrawdsk vmrawdsk.sys Sat Mar 23 22:24:00 2013 (514DBB00)
937d6000 937e2000   vga      vga.sys      Sat Jan 19 13:52:06 2008 (47919006)
937e2000 937ea000   RDPCDD   RDPCDD.sys   Sat Jan 19 14:01:08 2008 (47919224)
937ea000 937f2000   rdpencdd rdpencdd.sys Sat Jan 19 14:01:09 2008 (47919225)
937f2000 937fd000   Msfs     Msfs.SYS     Sat Jan 19 13:28:08 2008 (47918A68)
97c0d000 97c69000   SYMTDIV SYMTDIV.SYS Sat Jul 21 10:01:00 2012 (500A0D5C)
97c69000 97c7d000   smb      smb.sys      Sat Apr 11 12:45:22 2009 (49E02062)
97c7d000 97cc5000   afd      afd.sys      Thu Apr 21 21:58:25 2011 (4DB03801)
97cc5000 97cf7000   netbt    netbt.sys    Sat Apr 11 12:45:35 2009 (49E0206F)
97cf7000 97d00000   ws2ifsl ws2ifsl.sys Sat Jan 19 13:56:49 2008 (47919121)
97d00000 97d16000   pacer    pacer.sys    Sat Apr 11 12:45:51 2009 (49E0207F)
97d16000 97d24000   netbios netbios.sys Sat Jan 19 13:55:45 2008 (479190E1)
97d24000 97d46700   vmhgfs   vmhgfs.sys   Sat Mar 23 22:17:43 2013 (514DB987)
97d47000 97d5a000   wanarp   wanarp.sys   Sat Jan 19 13:56:31 2008 (4791910F)
97d5a000 97d96000   rdbss    rdbss.sys    Sat Apr 11 12:14:26 2009 (49E01922)
97d96000 97da0000   nsiproxy nsiproxy.sys Sat Jan 19 13:55:50 2008 (479190E6)
97da0000 97dff000   eeCtrl   eeCtrl.sys   Thu Oct 10 04:46:53 2013 (5255C0BD)
9800e000 9811d000   BHDrvx86 BHDrvx86.sys Fri Mar 14 10:34:18 2014 (53226AAA)
9811d000 9812a000   crashdmp crashdmp.sys Sat Apr 11 12:39:12 2009 (49E01EF0)
9812a000 98134000   dump_diskdump dump_diskdump.sys Sat Apr 11 12:39:11 2009 (49E01EEF)
98134000 9814c000   dump_LSI_SAS dump_LSI_SAS.sys Sat Jun 30 09:01:01 2007 (4685AB4D)
9814c000 98156000   Dxapi    Dxapi.sys    Sat Jan 19 13:36:12 2008 (47918C4C)
98156000 98165000   monitor monitor.sys Sat Jan 19 13:52:19 2008 (47919013)
98165000 98180000   luafv    luafv.sys    Sat Jan 19 13:30:35 2008 (47918AFB)
98180000 981ab000   ofant    ofant.sys    Tue Nov 22 03:55:32 2011 (4ECAACB4)
981ab000 981b5000   LMIRfsDriver LMIRfsDriver.sys Tue Jul 15 00:26:22 2008 (487B7E2E)
9d440000 9d646000   win32k   win32k.sys   Fri Feb 07 18:38:29 2014 (52F4B7A5)
9d660000 9d669000   TSDDD    TSDDD.dll    Sat Jan 19 14:01:09 2008 (47919225)
9d680000 9d68e000   cdd      cdd.dll      Thu Aug 01 10:49:32 2013 (51F9CCBC)
a0606000 a06b6000   spsys    spsys.sys    Wed Mar 11 01:10:28 2009 (49B69F04)
a06b6000 a06c6000   lltdio   lltdio.sys   Sat Jan 19 13:55:03 2008 (479190B7)
a06c6000 a06d9000   rspndr   rspndr.sys   Sat Jan 19 13:55:03 2008 (479190B7)
a06d9000 a06f2000   bowser   bowser.sys   Tue Feb 22 21:23:54 2011 (4D63B8EA)
a06f2000 a0713000   mrxdav   mrxdav.sys   Sat Apr 11 12:14:39 2009 (49E0192F)
a0713000 a0732000   mrxsmb   mrxsmb.sys   Fri Apr 29 21:24:39 2011 (4DBABC17)
a0732000 a076b000   mrxsmb10 mrxsmb10.sys Wed Jul 06 23:31:46 2011 (4E147FE2)
a076b000 a0783000   mrxsmb20 mrxsmb20.sys Fri Apr 29 21:24:41 2011 (4DBABC19)
a0783000 a07f0000   HTTP     HTTP.sys     Sun Feb 21 04:53:31 2010 (4B804BCB)
a07f0000 a07f7000   parvdm   parvdm.sys   Sat Jan 19 13:49:28 2008 (47918F68)
a07f7000 a07f9080   vmmemctl vmmemctl.sys Sat Mar 23 22:23:46 2013 (514DBAF2)
a07fa000 a07fb800   RaInfo   RaInfo.sys   Sat Jan 05 02:57:12 2008 (477E8188)
a4808000 a48e6000   peauth   peauth.sys   Mon Oct 23 16:55:32 2006 (453C8384)
a48e6000 a48f0000   secdrv   secdrv.SYS   Wed Sep 13 21:18:32 2006 (45080528)
a48f0000 a490d000   srvnet   srvnet.sys   Fri Apr 29 21:25:08 2011 (4DBABC34)
a490d000 a4919000   tcpipreg tcpipreg.sys Wed Dec 09 01:26:18 2009 (4B1E8C3A)
a4919000 a491ce80   vstor2_mntapi10_shared vstor2-mntapi10-shared.sys Fri Nov 05 02:33:35 2010 (4CD2FC7F)
a491d000 a4945000   srv2     srv2.sys     Fri Apr 29 21:25:09 2011 (4DBABC35)
a4945000 a4994000   srv      srv.sys      Fri Feb 18 22:03:28 2011 (4D5E7C30)
a4994000 a49aa000   cdfs     cdfs.sys     Sat Jan 19 13:28:02 2008 (47918A62)
a49aa000 a49b3000   asyncmac asyncmac.sys Sat Jan 19 13:56:29 2008 (4791910D)
a49b3000 a49c3000   fileinfo fileinfo.sys Sat Jan 19 13:34:27 2008 (47918BE3)
a49dd000 a49f2000   NAVENG   NAVENG.SYS   Fri Aug 23 03:59:23 2013 (52166D9B)
Unloaded modules:
a49c8000 a49dd000   NAVENG.SYS
    Timestamp: unavailable (00000000)
    Checksum: 00000000
    ImageSize: 00015000
93609000 93791000   NAVEX15.SYS
    Timestamp: unavailable (00000000)
    Checksum: 00000000
    ImageSize: 00188000
a49b3000 a49c8000   NAVENG.SYS
    Timestamp: unavailable (00000000)
    Checksum: 00000000
    ImageSize: 00015000
93609000 93791000   NAVEX15.SYS
    Timestamp: unavailable (00000000)
    Checksum: 00000000
    ImageSize: 00188000
a49dd000 a49f2000   NAVENG.SYS
    Timestamp: unavailable (00000000)
    Checksum: 00000000
    ImageSize: 00015000
93609000 93791000   NAVEX15.SYS
    Timestamp: unavailable (00000000)
    Checksum: 00000000
    ImageSize: 00188000
a49c8000 a49dd000   NAVENG.SYS
    Timestamp: unavailable (00000000)
    Checksum: 00000000
    ImageSize: 00015000
93609000 93791000   NAVEX15.SYS
    Timestamp: unavailable (00000000)
    Checksum: 00000000
    ImageSize: 00188000
a49b3000 a49c8000   NAVENG.SYS
    Timestamp: unavailable (00000000)
    Checksum: 00000000
    ImageSize: 00015000
93609000 93791000   NAVEX15.SYS
    Timestamp: unavailable (00000000)
    Checksum: 00000000
    ImageSize: 00188000
a49dd000 a49f2000   NAVENG.SYS
    Timestamp: unavailable (00000000)
    Checksum: 00000000
    ImageSize: 00015000
93609000 93791000   NAVEX15.SYS
    Timestamp: unavailable (00000000)
    Checksum: 00000000
    ImageSize: 00188000
a49c8000 a49dd000   NAVENG.SYS
    Timestamp: unavailable (00000000)
    Checksum: 00000000
    ImageSize: 00015000
93609000 93791000   NAVEX15.SYS
    Timestamp: unavailable (00000000)
    Checksum: 00000000
    ImageSize: 00188000
a49b3000 a49c8000   NAVENG.SYS
    Timestamp: unavailable (00000000)
    Checksum: 00000000
    ImageSize: 00015000
93609000 93791000   NAVEX15.SYS
    Timestamp: unavailable (00000000)
    Checksum: 00000000
    ImageSize: 00188000
93794000 937a9000   NAVENG.SYS
    Timestamp: unavailable (00000000)
    Checksum: 00000000
    ImageSize: 00015000
9360c000 93794000   NAVEX15.SYS
    Timestamp: unavailable (00000000)
    Checksum: 00000000
    ImageSize: 00188000
8cfb4000 8cfc1000   crashdmp.sys
    Timestamp: unavailable (00000000)
    Checksum: 00000000
    ImageSize: 0000D000
8cfc1000 8cfcb000   dump_storport.sys
    Timestamp: unavailable (00000000)
    Checksum: 00000000
    ImageSize: 0000A000
8cfcb000 8cfe3000   dump_LSI_SAS.sys
    Timestamp: unavailable (00000000)
    Checksum: 00000000
    ImageSize: 00018000
807bf000 807d7000   sacdrv.sys
    Timestamp: unavailable (00000000)
    Checksum: 00000000
    ImageSize: 00018000
Closing open log file c:\debuglogrlo.txt

Hi,
Bug check 0x50 usually occurs after the installation of faulty hardware or in the event of failure of installed hardware (usually related to defective RAM, be it main memory, L2 RAM
cache, or video RAM).
Another common cause is the installation of a faulty system service.
Antivirus software can also trigger this error, as can a corrupted NTFS volume.
Try the solution provided in this article:
Bug Check 0x50: PAGE_FAULT_IN_NONPAGED_AREA
http://msdn.microsoft.com/en-us/library/windows/hardware/ff559023(v=vs.85).aspx
And this one:
Stop error message in Windows 7 or Windows Server 2008 R2: "Stop error code 0x0000007E (SYSTEM_THREAD_EXCEPTION_NOT_HANDLED)" or "Stop error code 0x00000050 (PAGE_FAULT_IN_NONPAGED_AREA)"
http://support.microsoft.com/kb/979538
Hope this helps.

The computer has rebooted from a bugcheck. The bugcheck was: 0x0000003b...

Hi All
I formatted and installed Win8.1 (64-bit) recently on my PC but have constantly had BSOD with faults like:
Log Name: System
Source: Microsoft-Windows-WER-SystemErrorReporting
Date: 27/11/2014 09:40:21
Event ID: 1001
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: PC1
Description:
The computer has rebooted from a bugcheck. The bugcheck was: 0x0000003b (0x00000000c0000005, 0xfffff8025714c975, 0xffffd001186a85f0, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 112714-32125-01.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-WER-SystemErrorReporting" Guid="{ABCE23E7-DE45-4366-8631-84FA6C525952}" EventSourceName="BugCheck" />
<EventID Qualifiers="16384">1001</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2014-11-27T09:40:21.000000000Z" />
<EventRecordID>8488</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>System</Channel>
<Computer>PC1</Computer>
<Security />
</System>
<EventData>
<Data Name="param1">0x0000003b (0x00000000c0000005, 0xfffff8025714c975, 0xffffd001186a85f0, 0x0000000000000000)</Data>
<Data Name="param2">C:\Windows\MEMORY.DMP</Data>
<Data Name="param3">112714-32125-01</Data>
</EventData>
</Event>
I've had others but this is the most recent. I ran the Nvidia scanner and loaded the video drivers it recommends (340.52). I've got two GeForce 8800GTX cards connected with SLI cable. I've tried turning SLI off as well. I also removed and re-seated the cards.
I also just replaced the RAM with another 4GB brand new from a supplier (240pin DDR2 DIMM UNBUFF.PC2 - 6400 CL6).
It crashed about once a day, totally randomly, sometimes when idle.
I zipped a copy of the DUMP file and MSINFO32 file to my OneDrive but I don't know if I need / how to share it (please advise if necessary).
I would be very grateful for a solution.
Regards
Mark

Ok, here is what I think. The MEMORY.DMP you provided was older and basically less helpful than what was recorded in the MSIinfo file. You are on the right track in your thinking that the crashes are related to
GeForce 8800GTX cards, so I am going to suggest an uninstall and "clean" reinstall of the current driver.
If no joy, try an older driver.
btw, apologies for the voluminous post...
25/11/2014 12:31 Windows Error Reporting Fault bucket
AV_nvlddmkm!CNvLChannelNonLegacy::pipelineGPFifoBlit, type 0
Event Name:
BlueScreen
Response:
http://wer.microsoft.com/responses/resredir.aspx?sid=10&Bucket=AV_nvlddmkm!CNvLChannelNonLegacy::pipelineGPFifoBlit&State=1&ID=e2e8a1cf-86d8-4a37-806c-7d971c8a16d6
Cab Id: e2e8a1cf-86d8-4a37-806c-7d971c8a16d6

Problem
signature:
P1: d1
P2: fffffffffffffff1
P3: 2
P4: 1
P5: fffff801ca3d1440
P6: 6_3_9600
P7: 0_0
P8:
768_1
P9: 
P10: 

Attached files:
C:\Windows\Minidump\112514-33906-01.dmp
C:\Users\Mark\AppData\Local\Temp\WER-95625-0.sysdata.xml
C:\Windows\MEMORY.DMP
C:\Users\Mark\AppData\Local\Temp\WERCED4.tmp.WERInternalMetadata.xml

These
files may be available here:
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\Kernel_d1_a7d30b578e595ab79ff817b74f971d37c1e8e_00000000_cab_10a9e058

Analysis symbol: 
Rechecking
for solution: 0
Report ID: 112514-33906-01
Report Status: 0
Hashed bucket:
24/11/2014 17:22 Windows Error Reporting Fault bucket AV_nvlddmkm!vblankCallback, type 0
Event Name: BlueScreen
Response:
http://wer.microsoft.com/responses/resredir.aspx?sid=10&Bucket=AV_nvlddmkm!vblankCallback&State=1&ID=f616ba0f-2c01-41f5-bfc4-82489997cecc
Cab Id: f616ba0f-2c01-41f5-bfc4-82489997cecc

Problem
signature:
P1: d1
P2: 5e
P3: 6
P4: 1
P5: fffff80075721912
P6: 6_3_9600
P7: 0_0
P8:
768_1
P9: 
P10: 

Attached files:
C:\Windows\Minidump\112314-37250-01.dmp
C:\Users\Mark\AppData\Local\Temp\WER-86718-0.sysdata.xml
C:\Windows\MEMORY.DMP
C:\Users\Mark\AppData\Local\Temp\WER684A.tmp.WERInternalMetadata.xml

These
files may be available here:
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\Kernel_d1_79675c223622dece3b44f5ae297e5b3f6af5349_00000000_cab_04d8b9c0

Analysis symbol: 
Rechecking
for solution: 0
Report ID: 112314-37250-01
Report Status: 0
Hashed bucket:
23/11/2014 18:03 Windows Error Reporting Fault bucket , type 0
Event Name:
BlueScreen
Response: Not available
Cab Id: 0

Problem signature:
P1: d1
P2: 5e
P3:
6
P4: 1
P5: fffff80075721912
P6: 6_3_9600
P7: 0_0
P8: 768_1
P9: 
P10: 

Attached
files:
C:\Windows\Minidump\112314-37250-01.dmp
C:\Users\Mark\AppData\Local\Temp\WER-86718-0.sysdata.xml
C:\Windows\MEMORY.DMP
C:\Users\Mark\AppData\Local\Temp\WER684A.tmp.WERInternalMetadata.xml

These
files may be available here:
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\Kernel_d1_79675c223622dece3b44f5ae297e5b3f6af5349_00000000_cab_0d89e73e

Analysis symbol: 
Rechecking
for solution: 0
Report ID: 112314-37250-01
Report Status: 100
Hashed bucket:
24/11/2014 17:22 Windows Error Reporting Fault bucket -421640870, type 5
Event Name:
PnPDeviceProblemCode
Response: Not available
Cab Id: 0

Problem signature:
P1: x64
P2:
PCI\VEN_10DE&DEV_0191&SUBSYS_22501682&REV_A2
P3: {4d36e968-e325-11ce-bfc1-08002be10318}
P4: 0000001F
P5: BasicDisplay.sys
P6: 6.3.9600.16384
P7:
08-22-2013
P8: 
P9: 
P10: 

Attached files:
C:\Windows\Temp\DMID706.tmp.log.xml
C:\Windows\Temp\LOGD727.tmp
C:\Windows\Inf\display.inf

These
files may be available here:
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_24eb8c9ed87f37eac11320981cbf81446b69288_00000000_cab_0764d745

Analysis symbol: 
Rechecking
for solution: 0
Report ID: 54413262-6e57-11e4-824e-c58295c96ec1
Report Status: 8
Hashed bucket: adb5d63b7478974f8d85c5ec03d74566
Sorted by: Device ID
Device Id
Chip Description
Vendor Id
Vendor Name
0x0191
SIS191
0x1039
Silicon Integrated Systems
0x0191
NVIDIA GeForce 8800 GTX
0x10DE
NVIDIA
0x0660
HD Audio
0x10EC
Realtek Semiconductor Corp
0x0191
CMI 8738 8CH Sound Card
0x13F6
C-Media Electronics Inc.

BthA2DP.sys BugCheck

Similar Messages

Maybe you are looking for