dmp file and blue screen error Windows 7
Hi, Just wondering if someone can tell me how to read the dmp file created after the blue screen appears ? I have just recently upgraded my Toshiba P300 from Vista 64 bit to Windows 7 Home Prem 64 bit. I dont know why Windows 7 keeps crashing and so far I have no idea of how to open the .dmp file (I have zipped the dmp file and attahced below). http://cid-7a99d6152c55359c.skydrive.live.com/self.aspx/.Public/minidump/022710-26223-01.zip The message that I been given so far says : Problem signature:
Problem Event Name: BlueScreen
OS Version: 6.1.7600.2.0.0.768.3
Locale ID: 3081
Additional information about the problem:
BCCode: a
BCP1: FFFFF6FC40052000
BCP2: 0000000000000002
BCP3: 0000000000000000
BCP4: FFFFF80002E62322
OS Version: 6_1_7600
Service Pack: 0_0
Product: 768_1
Files that help describe the problem:
C:\Windows\Minidump\022710-26223-01.dmp
C:\Users\Caroline\AppData\Local\Temp\WER-125393-0.sysdata.xml
February 26th, 2010 10:06pm
The minidump file showed that the driver which caused the crash was the klim6.sys, which is a Kaspersky driver.I would suggest to uninstall Kaspersky and see if the BSODs resolve.Afterwards you could consider re-installing Kaspersky using the latest version.BTW, a handy application to read minidump files is BlueScreenView:http://www.nirsoft.net/utils/blue_screen_view.htmlHowever, you may find using WinDbg of the Debugging Tools for Windows gives you more complete information.You can download the Debugging Tools for Windows from the following link:http://www.microsoft.com/whdc/devtools/debugging/default.mspxThere is a tutorial in the following link on setting up WinDbg, such as setting the symbol path and utilizing the !analyze -v command:http://www.sevenforums.com/crash-lockup-debug-how/26584-2-intermediate-configuring-debugging-tools.html
Free Windows Admin Tool Kit Click here and download it now
March 1st, 2010 11:25pm
Hi auggy,Many thanks for the help. Will uninstall Kaspersky and re-install 2010 version.Cheers,Kara
March 2nd, 2010 4:39pm
Hi Auggy,
Need your help. what to check in BlueScreenView. as per your above post, i am trying to check one BSOD Dump which is showing caused by driver ntkrnlpa.exe.
Dhiraj
Free Windows Admin Tool Kit Click here and download it now
February 2nd, 2011 2:14am
ntkrnlpa.exe is not the cause of the crash.
If you use WinDbg of the Debugging Tools for Windows it may identify the actual driver causing the crash.
If you want, can you zip up the minidump file(s) and make available (provide link) via Windows Live SkyDrive or similar site?
The following link has information on using Windows Live SkyDrive:
http://social.technet.microsoft.com/Forums/en-US/w7itproui/thread/4fc10639-02db-4665-993a-08d865088d65
February 2nd, 2011 8:42am
Thanks for your prompt response, Auggy.
WinDBG showing below output.
DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: 0ca32751, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000000, value 0 = read operation, 1 = write operation
Arg4: 8dfefa9e, address which referenced memory
Debugging Details:
------------------
READ_ADDRESS: GetPointerFromAddress: unable to read from 82743868
Unable to read MiSystemVaType memory at 82723420
0ca32751
CURRENT_IRQL: 2
FAULTING_IP:
+6665383534303736
8dfefa9e ?? ???
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0xD1
TRAP_FRAME: b9ab5a58 -- (.trap 0xffffffffb9ab5a58)
ErrCode = 00000000
eax=157aafd5 ebx=0ca3274b ecx=15d46244 edx=00000000 esi=00000000 edi=00000000
eip=8dfefa9e esp=b9ab5acc ebp=b9ab5ae4 iopl=0 nv up ei ng nz na pe cy
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010287
8dfefa9e ?? ???
Resetting default scope
LAST_CONTROL_TRANSFER: from 8dfefa9e to 82659fd9
STACK_TEXT:
b9ab5a58 8dfefa9e badb0d00 00000000 826509c6 nt!KiTrap0E+0x2e1
WARNING: Frame IP not in any known module. Following frames may be wrong.
b9ab5ac8 85065590 84d88008 85791698 15d46244 0x8dfefa9e
b9ab5ae4 8dfedede 85791698 0000000e ffffffff 0x85065590
b9ab5c5c 826b31fb 00000000 858a9630 c0000001 0x8dfedede
b9ab5c60 00000000 858a9630 c0000001 b324c2c0 nt!IopfCompleteRequest+0x11d
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!KiTrap0E+2e1
82659fd9 833d84ac738200 cmp dword ptr [nt!KiFreezeFlag (8273ac84)],0
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: nt!KiTrap0E+2e1
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrpamp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 4c0e557c
FAILURE_BUCKET_ID: 0xD1_nt!KiTrap0E+2e1
BUCKET_ID: 0xD1_nt!KiTrap0E+2e1
Followup: MachineOwner
---------
Dhiraj
Free Windows Admin Tool Kit Click here and download it now
February 2nd, 2011 8:50am
Since the problematic driver is not identified try updating all third party drivers.
If problem persists consider turning on the "Driver Verifier" against all non-Microsoft drivers to stress test them and try to weed out a problematic driver:
Start > type verifier in the Search programs and files box and press "Enter" > Create standard settings > Next > Select driver names from a list > then select all non-Microsoft drivers > Finish
Restart the computer.
Continue to use the computer normally but if you experience any BSODs check the minidump file(s).
If after enabling the Driver Verifier and restarting the computer you receive a BSOD on startup and cannot start Windows, restart the computer in "Safe Mode" and do the following:
Start > type verifier in the Search programs and files box and press "Enter" > Delete existing settings > Finish
Restart the computer, log into Normal Mode, and check the resulting minidump file.
February 2nd, 2011 10:13am
Thanks, i will try these steps. This user have also below two minidumps.
1)
Debugging Details:
------------------
WRITE_ADDRESS: GetPointerFromAddress: unable to read from 8254b868
Unable to read MiSystemVaType memory at 8252b420
acd01562
FAULTING_IP:
tmevtmgr+5562
acd01562 ?? ???
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0xCE
PROCESS_NAME: svchost.exe
CURRENT_IRQL: 0
TRAP_FRAME: b0fe5bc8 -- (.trap 0xffffffffb0fe5bc8)
ErrCode = 00000010
eax=c0000240 ebx=00000000 ecx=825fbb3f edx=004a5917 esi=b0fe5d3c edi=863f4694
eip=acd01562 esp=b0fe5c3c ebp=b0fe5c4c iopl=0 nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010246
<Unloaded_tmevtmgr.sys>+0x5562:
acd01562 ?? ???
Resetting default scope
IP_MODULE_UNLOADED:
tmevtmgr+5562
acd01562 ?? ???
LAST_CONTROL_TRANSFER: from 82461dd4 to 824ac38d
STACK_TEXT:
b0fe5bb0 82461dd4 00000008 acd01562 00000000 nt!MmAccessFault+0x10a
b0fe5bb0 acd01562 00000008 acd01562 00000000 nt!KiTrap0E+0xdc
WARNING: Frame IP not in any known module. Following frames may be wrong.
b0fe5c38 863f453c 863f453c 863f453c 00000000 <Unloaded_tmevtmgr.sys>+0x5562
b0fe5c6c 824bf3de 847be4d0 b0fe5d38 00000008 0x863f453c
b0fe5d4c 8245ec7a 863f453c 0000004f 02edf748 nt!EtwpLogKernelEvent+0x1fe
b0fe5d4c 00000023 863f453c 0000004f 02edf748 nt!KiFastCallEntry+0x12a
00000000 00000000 00000000 00000000 00000000 0x23
STACK_COMMAND: kb
FOLLOWUP_IP:
tmevtmgr+5562
acd01562 ?? ???
SYMBOL_STACK_INDEX: 2
SYMBOL_NAME: tmevtmgr+5562
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: tmevtmgr
IMAGE_NAME: tmevtmgr.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 0
FAILURE_BUCKET_ID: 0xCE_tmevtmgr+5562
BUCKET_ID: 0xCE_tmevtmgr+5562
Followup: MachineOwner
---------
2 )
Debugging Details:
------------------
DRVPOWERSTATE_SUBCODE: 3
IRP_ADDRESS: 85c80588
DEVICE_OBJECT: 86512030
DRIVER_OBJECT: 865899c0
IMAGE_NAME: agnfilt.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 46f3cd1b
MODULE_NAME: agnfilt
FAULTING_MODULE: 8dee9000 agnfilt
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0x9F
PROCESS_NAME: TMBMSRV.exe
CURRENT_IRQL: 2
STACK_TEXT:
8039dd6c 826463fb 0000009f 00000003 84759c70 nt!KeBugCheckEx+0x1e
8039ddc8 82646018 8039de40 8039def0 82723401 nt!PopCheckIrpWatchdog+0x1ad
8039de08 826bf30b 827234e0 00000000 3ac9c8dc nt!PopCheckForIdleness+0x343
8039df28 826bef41 8039df70 8039df02 8039df78 nt!KiTimerListExpire+0x367
8039df88 826bf635 00000000 00000000 001b8e5b nt!KiTimerExpiration+0x2a0
8039dff4 826bd2f5 ae21fd10 00000000 00000000 nt!KiRetireDpcList+0xba
8039dff8 ae21fd10 00000000 00000000 00000000 nt!KiDispatchInterrupt+0x45
WARNING: Frame IP not in any known module. Following frames may be wrong.
826bd2f5 00000000 0000001b 00c7850f bb830000 0xae21fd10
STACK_COMMAND: kb
FOLLOWUP_NAME: MachineOwner
FAILURE_BUCKET_ID: 0x9F_3_IMAGE_agnfilt.sys
BUCKET_ID: 0x9F_3_IMAGE_agnfilt.sys
Followup: MachineOwner
Dhiraj
Free Windows Admin Tool Kit Click here and download it now
February 2nd, 2011 10:38am
From those errors there are two drivers named as causing the crashes - the first error was the tmevtmgr.sys (Trend Micro driver) and the second error was the agnfilt.sys ( AT&T Global Network Firewall).
The second error seems to indicate that the agnfilt.sys caused the TMBMSRV.exe (Trend Micro service) to crash.
I would suggest to uninstall the AT&T Global Network Firewall and see if stability improves.
If not, then uninstall Trend Micro.
Also, I would suggest to hold off on enabling the Driver Verifier.
February 2nd, 2011 10:59am
Thanks for your Help, Auggy. I will try your suggested options.
Dhiraj
Free Windows Admin Tool Kit Click here and download it now
February 3rd, 2011 11:54pm
Hi, I have hp pavilion dv5 and last summer it gave me a lot of problems with blue screens. So now that I have switched to win7 from vista home basic, it has still not stopped.
It gives me BUGCODE_NSID Driver problem. 0x0000007C blue screen error. Today was the second time. And coincidently I switched to lan from using wifi. The following are the details of the error:
Problem signature:
Problem Event Name: BlueScreen
OS Version: 6.1.7600.2.0.0.256.1
Locale ID: 1033
Additional information about the problem:
BCCode: 7c
BCP1: 00000003
BCP2: 8615E0E0
BCP3: 86A2F000
BCP4: 86A2F700
OS Version: 6_1_7600
Service Pack: 0_0
Product: 256_1
Files that help describe the problem:
C:\Windows\Minidump\030511-17128-01.dmp
C:\Users\Sejal\AppData\Local\Temp\WER-35973-0.sysdata.xml
Read our privacy statement online:
http://go.microsoft.com/fwlink/?linkid=104288&clcid=0x0409
If the online privacy statement is not available, please read our privacy statement offline:
C:\Windows\system32\en-US\erofflps.txt
Can anyone please help me with dealing with the problem. I really am sick of blue screens.
Thanks!
March 5th, 2011 8:26am
Bug Check 0x7C: BUGCODE_NDIS_DRIVER
. This bug check indicates that a problem occurred with an NDIS driver.
parameter 1 = 3 = A driver called NdisMFreeSharedMemory [Async ] with a shared memory pointer that had already been freed.
update all network card drivers and look if this fixed it."A programmer is just a tool which converts caffeine into code"
Want to install RSAT on Windows 7 Sp1? Check my HowTo: http://www.msfn.org/board/index.php?showtopic=150221
Free Windows Admin Tool Kit Click here and download it now
March 5th, 2011 9:19am
Guys sorry to Hijack the thread but I need some help. This is what I got after running winDBg. Am i correct to assume the error is under FAULTING_IP? IF yes how do I look up what exactly is causing it? Thanks for the help in advance,
any help Iwould trulley appreciated.
Debugging Details:
------------------
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
FAULTING_IP:
nt!ExpInterlockedPopEntrySListResume+b
8304d04f 8b5504 mov edx,dword ptr [ebp+4]
EXCEPTION_RECORD: 8ed07760 -- (.exr 0xffffffff8ed07760)
ExceptionAddress: 8304d04f (nt!ExpInterlockedPopEntrySListResume+0x0000000b)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 00000000
Parameter[1]: 000000b4
Attempt to read from address 000000b4
CONTEXT: 8ed07340 -- (.cxr 0xffffffff8ed07340)
eax=00000000 ebx=8ed07908 ecx=000000b0 edx=00000000 esi=00000000 edi=881ec030
eip=8304d04f esp=8ed07828 ebp=000000b0 iopl=0 nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00210246
nt!ExpInterlockedPopEntrySListResume+0xb:
8304d04f 8b5504 mov edx,dword ptr [ebp+4] ss:0010:000000b4=????????
Resetting default scope
PROCESS_NAME: System
CURRENT_IRQL: 0
ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
EXCEPTION_PARAMETER1: 00000000
EXCEPTION_PARAMETER2: 000000b4
READ_ADDRESS: 000000b4
FOLLOWUP_IP:
CLASSPNP!DequeueFreeTransferPacket+1f
8cfb43e8 85c0 test eax,eax
BUGCHECK_STR: 0x7E
DEFAULT_BUCKET_ID: NULL_CLASS_PTR_DEREFERENCE
LAST_CONTROL_TRANSFER: from 8cfb43e8 to 8304d04f
STACK_TEXT:
8ed07830 8cfb43e8 00000008 881ec0e8 8ed07900 nt!ExpInterlockedPopEntrySListResume+0xb
8ed07840 8cfb8104 881ec030 00000001 881ec0e8 CLASSPNP!DequeueFreeTransferPacket+0x1f
8ed07908 8cfa1f03 881ec030 881ec0e8 8ed07930 CLASSPNP!ClassReadDriveCapacity+0xaa
8ed07918 8cfa64f6 881ec030 00000000 86ca08f8 disk!DiskReadDriveCapacity+0x25
8ed07930 8cfa0c75 881ec030 86ca08f8 86ca08f8 disk!DiskIoctlGetLengthInfo+0x40
8ed0794c 8cfb5e38 881ec030 0007405c 881f0540 disk!DiskDeviceControl+0x117
8ed07968 8cfb43bf 881ec030 86ca08f8 881ec030 CLASSPNP!ClassDeviceControlDispatch+0x48
8ed0797c 830424ac 881ec030 86ca08f8 86ca08f8 CLASSPNP!ClassGlobalDispatch+0x20
8ed07994 8c9e08bd 8729cd10 86ca08f8 00000000 nt!IofCallDriver+0x63
8ed079ac 8c9e02e5 00000000 881f0630 881f0540 partmgr!PmFilterDeviceControl+0x23c
8ed079c0 830424ac 881f0540 86ca08f8 882940b0 partmgr!PmGlobalDispatch+0x1d
8ed079d8 8317ade6 881f062c 881ef450 42747346 nt!IofCallDriver+0x63
8ed07a08 8317ac91 881f0540 881ef458 881f062c nt!FstubGetDiskGeometry+0xde
8ed07a28 8317abc8 881f0540 8ed07a44 881f062c nt!FstubAllocateDiskInformation+0x31
8ed07a48 8c9e1065 881f0540 8ed07a6c 874603fc nt!IoReadPartitionTableEx+0x19
8ed07a70 8c9e7080 881f05f8 8ed07aa0 881f0540 partmgr!PmGetDriveLayoutEx+0x5b
8ed07a94 8c9e0759 881f0540 00000000 881eca50 partmgr!PmIoctlGetDriveLayoutEx+0x4d
8ed07ab4 8c9e02e5 00000000 881f0630 881f0540 partmgr!PmFilterDeviceControl+0xd8
8ed07ac8 830424ac 881f0540 87460320 881eca50 partmgr!PmGlobalDispatch+0x1d
8ed07ae0 8d1dfcf4 8d1deff6 86d67044 881eca50 nt!IofCallDriver+0x63
WARNING: Stack unwind information not available. Following frames may be wrong.
8ed07ae4 8d1deff6 86d67044 881eca50 881eca50 snapman+0xdcf4
8ed07af8 8d1dfc80 60000001 86d67000 86d67044 snapman+0xcff6
8ed07b10 8d1def62 60000001 86d67001 00001000 snapman+0xdc80
8ed07b28 8d1e06fc 87460320 881ec948 830424ac snapman+0xcf62
8ed07b34 830424ac 881ec948 87460320 00000000 snapman+0xe6fc
8ed07b4c 8ca54e19 882ae000 88040000 00000000 nt!IofCallDriver+0x63
8ed07b70 8ca66f17 881ec948 00070050 00000000 volmgrx!VmxpSendDeviceControl+0x49
8ed07ba8 8ca57239 881ec948 8ed07bec 86c0bf00 volmgrx!VmxpDiskGetDriveLayoutEx+0x41
8ed07bf4 8c814cd2 87bbdbf8 8ed07c3f 874953d0 volmgrx!VmxWholeDiskArrivedImmediate+0x71
8ed07c10 8c8164a8 86c0bf00 87bbdbf8 8ed07c3f volmgr!VmpWholeDiskArrivedImmediate+0x2a
8ed07c30 8c80e115 86c0bf00 00495320 874953d0 volmgr!VmpWholeDiskArrived+0x36
8ed07c48 830424ac 86c0be48 87495320 874953f4 volmgr!VmInternalDeviceControl+0xfd
8ed07c60 831bd526 87495320 86c0bd80 881f05f8 nt!IofCallDriver+0x63
8ed07c8c 8c9e7bcc 86c0be48 87495320 881cd750 nt!IoForwardIrpSynchronously+0x59
8ed07cb0 8c9e0c0b 881f05f8 881cd750 881f0540 partmgr!PmGiveDisk+0x94
8ed07cec 83226b25 001f0540 00000000 85f07a70 partmgr!PmNotificationWorkItem+0x2ef
8ed07d00 8307403b 881cd750 00000000 85f07a70 nt!IopProcessWorkItem+0x23
8ed07d50 832149df 00000000 a46d951a 00000000 nt!ExpWorkerThread+0x10d
8ed07d90 830c61d9 83073f2e 00000000 00000000 nt!PspSystemThreadStartup+0x9e
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x19
SYMBOL_STACK_INDEX: 1
SYMBOL_NAME: CLASSPNP!DequeueFreeTransferPacket+1f
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: CLASSPNP
IMAGE_NAME: CLASSPNP.SYS
DEBUG_FLR_IMAGE_TIMESTAMP: 4a5bbf18
STACK_COMMAND: .cxr 0xffffffff8ed07340 ; kb
FAILURE_BUCKET_ID: 0x7E_CLASSPNP!DequeueFreeTransferPacket+1f
BUCKET_ID: 0x7E_CLASSPNP!DequeueFreeTransferPacket+1f
Followup: MachineOwner
March 21st, 2011 7:47pm
I am trying to do this similar to everyone else so I have a dell inspiron 1545 64 w/ windows 7 64 bit OS. I am unable to read the minidump file so I used the app crash view and here are the details for the blue screen crash:
Version=1
EventType=BlueScreen
EventTime=129453856123501472
ReportType=4
Consent=1
UploadTime=129453986108925681
ReportIdentifier=d86f9492-558b-11e0-8f47-a194fb93c69b
IntegratorReportIdentifier=032311-32526-01
Response.type=4
Response.AnalysisBucket=X64_0xD1_NETIO!NetioDereferenceNetBufferList+86
DynamicSig[1].Name=OS Version
DynamicSig[1].Value=6.1.7601.2.1.0.768.3
DynamicSig[2].Name=Locale ID
DynamicSig[2].Value=1033
UI[2]=C:\Windows\system32\wer.dll
UI[3]=Windows has recovered from an unexpected shutdown
UI[4]=Windows can check online for a solution to the problem the next time you go online.
UI[5]=&Check for solution
UI[6]=&Check later
UI[7]=Cancel
UI[8]=Windows has recovered from an unexpected shutdown
UI[9]=A problem caused Windows to stop working correctly. Windows will notify you if a solution is available.
UI[10]=Close
Sec[0].Key=BCCode
Sec[0].Value=d1
Sec[1].Key=BCP1
Sec[1].Value=0000000000000000
Sec[2].Key=BCP2
Sec[2].Value=0000000000000002
Sec[3].Key=BCP3
Sec[3].Value=0000000000000000
Sec[4].Key=BCP4
Sec[4].Value=FFFFF88001AAEF92
Sec[5].Key=OS Version
Sec[5].Value=6_1_7601
Sec[6].Key=Service Pack
Sec[6].Value=1_0
Sec[7].Key=Product
Sec[7].Value=768_1
State[0].Key=Transport.DoneStage1
State[0].Value=1
State[1].Key=CA
State[1].Value=1
State[2].Key=BLOB
State[2].Value=CHKSUM=A24CDEF70D419F0F3124ABC0BA0E0D18;BID=OCATAG;ID=d4518014-7c9f-4749-9105-6a43867f32c4;SUB=3//23//2011 5:03:35 PM
File[0].CabName=032311-32526-01.dmp
File[0].Path=032311-32526-01.dmp
File[0].Flags=851970
File[0].Type=2
File[0].Original.Path=C:\Windows\Minidump\032311-32526-01.dmp
File[1].CabName=sysdata.xml
File[1].Path=WER-66752-0.sysdata.xml
File[1].Flags=851970
File[1].Type=5
File[1].Original.Path=C:\Users\RLLOYD\AppData\Local\Temp\WER-66752-0.sysdata.xml
File[2].CabName=WERInternalMetadata.xml
File[2].Path=WER48B2.tmp.WERInternalMetadata.xml
File[2].Flags=589826
File[2].Type=5
File[2].Original.Path=C:\Users\RLLOYD\AppData\Local\Temp\WER48B2.tmp.WERInternalMetadata.xml
File[3].CabName=Report.cab
File[3].Path=Report.cab
File[3].Flags=196608
File[3].Type=7
File[3].Original.Path=Report.cab
FriendlyEventName=Shut down unexpectedly
ConsentKey=BlueScreen
AppName=Windows
AppPath=C:\Windows\System32\WerFault.exe
Free Windows Admin Tool Kit Click here and download it now
March 23rd, 2011 10:49pm
create a new topic and upload the dmp files."A programmer is just a tool which converts caffeine into code"
Want to install RSAT on Windows 7 Sp1? Check my HowTo: http://www.msfn.org/board/index.php?showtopic=150221
March 24th, 2011 10:24am
Hi Auggy, I've been trying to figure this problem out and use the debug tool but I don't understand this stuff lol. Any help would be appreciated. Here is the info.
Problem signature:
Problem Event Name:
BlueScreen
OS Version:
6.1.7601.2.1.0.768.3
Locale ID:
1033
Additional information about the problem:
BCCode:
d1
BCP1:
FFFFF8A00B19FF40
BCP2:
0000000000000002
BCP3:
0000000000000001
BCP4:
FFFFF88004359CA1
OS Version:
6_1_7601
Service Pack:
1_0
Product:
768_1
Files that help describe the problem:
C:\Windows\Minidump\041712-19219-01.dmp
C:\Users\TJ\AppData\Local\Temp\WER-29062-0.sysdata.xml
Read our privacy statement online:
http://go.microsoft.com/fwlink/?linkid=104288&clcid=0x0409
If the online privacy statement is not available, please read our privacy statement offline:
C:\Windows\system32\en-US\erofflps.txt
Free Windows Admin Tool Kit Click here and download it now
April 17th, 2012 11:56pm
Does it a x64 system or a x86 system? Upload your dump file on skydrive & provide us link to check dmp file.
Dhiraj
April 18th, 2012 12:34am
Hello, any ideas what could bre the problem here:
Problem signature:
Problem Event Name: BlueScreen
OS Version: 6.1.7601.2.1.0.256.48
Locale ID: 4105
Additional information about the problem:
BCCode: 1000007e
BCP1: FFFFFFFFC0000005
BCP2: FFFFF88005A43CA1
BCP3: FFFFF880041F88E8
BCP4: FFFFF880041F8140
OS Version: 6_1_7601
Service Pack: 1_0
Product: 256_1
Files that help describe the problem:
C:\Windows\Minidump\041812-19453-01.dmp
C:\Users\Administrator\AppData\Local\Temp\WER-48921-0.sysdata.xml
Free Windows Admin Tool Kit Click here and download it now
April 18th, 2012 2:06am
same as mentioned above. can be get clue only from the dmp file.
Dhiraj
April 18th, 2012 4:28am
0xd1:
http://mikemstech.blogspot.com/2011/11/troubleshooting-0xd1.html
--
Mike Burr
Enterprise High Availability, Disaster Recovery, and Business Continuity Planning
Learn to Troubleshoot Windows BSODs
Free Windows Admin Tool Kit Click here and download it now
April 18th, 2012 10:52am
for 0x7E:
http://mikemstech.blogspot.com/2012/03/troubleshooting-0x7e.html
--
Mike Burr
Enterprise High Availability, Disaster Recovery, and Business Continuity Planning
Learn to Troubleshoot Windows BSODs
April 18th, 2012 10:53am
It is a x64 system I believe. Here is the link: https://skydrive.live.com/redir.aspx?cid=897f98b5b753518c&resid=897F98B5B753518C!142&parid=897F98B5B753518C!130&authkey=!ALcEmL1q0IWm3d4
Thanks,
Free Windows Admin Tool Kit Click here and download it now
April 22nd, 2012 1:30pm
Error seems to be either from Display Driver or from DirectX component. you can try below.
Update Display driver
Install latest windows updates
Run Memory disgnostics
Dhiraj
April 23rd, 2012 5:41am
If problems continue consider re-seating both the video card and the physical RAM.
Also, there appears to be an BIOS update for the motherboard (P8Z68-V PRO GEN3) which you could also consider applying.
Free Windows Admin Tool Kit Click here and download it now
April 24th, 2012 11:59pm
Gooday,
My system's text;
Problem signature
Problem Event Name: BlueScreen
OS Version: 6.1.7601.2.1.0.768.3
Locale ID: 1033
Extra information about the problem
BCCode: 116
BCP1: 86F2F2C8
BCP2: 8DE10C26
BCP3: 00000000
BCP4: 00000002
OS Version: 6_1_7601
Service Pack: 1_0
Product: 768_1
Bucket ID: 0x116_TdrBCR:2_Tdr:2_IMAGE_atikmdag.sys
Server information: 111069df-7236-45b4-9928-9143267d96a1
April 27th, 2012 5:49am
when i click a program blue screen comes up, dunno which program or someting termites it, can anyone help,
here is dump file:
https://skydrive.live.com/redir.aspx?cid=af3ba9874a14a989&resid=AF3BA9874A14A989!117&parid=root
Free Windows Admin Tool Kit Click here and download it now
May 2nd, 2012 4:30am
Hi dmrkn,
The driver that appears to be causing the crash is the windrvNT.sys:
BUCKET_ID: 0x8E_windrvNT+1703
The windrvNT.sys, which is dated May 10, 2004, appears to be a driver for Folder Lock.
The process that crashed is the themaPoster.exe
Can you try updating, or if necessary uninstall Folder Lock and see if the issue resolves?
The same error was discussed in the following link:
http://poster.freddy.lt/forum/viewtopic.php?f=4&t=1523
In that link McAfee appeared to be blamed however you are running Avast not McAfee.
However if Avast has been recently updated and this problem just appeared recently Avast may be contributing to the problem.
May 2nd, 2012 6:19pm
Hi nze0704,
The driver that appears to be at issue is the atikmdag.sys:
Bucket ID: 0x116_TdrBCR:2_Tdr:2_IMAGE_atikmdag.sys
More information on the error:
http://technet.microsoft.com/en-us/query/ff557263
So try uninstalling the ATI video driver and reinstall the latest version available.
Free Windows Admin Tool Kit Click here and download it now
May 2nd, 2012 6:24pm
Help. BSOD and a dmp file at https://skydrive.live.com/redir.aspx?cid=ccd762c2c5f7689c&resid=CCD762C2C5F7689C!127&parid=CCD762C2C5F7689C!113&authkey=!AHU48VI2QdzCs6Q
Any help is much appreciated.
-Eric
May 2nd, 2012 10:20pm
You're the man
auggy :) Deleted manually windrvNT.sys from system32 and it solved! Appreciated!
Free Windows Admin Tool Kit Click here and download it now
May 3rd, 2012 5:08am
You're welcome.
May 3rd, 2012 7:59am
Hi cawoodea,
The minidump file showed a DRIVER_POWER_STATE_FAILURE (9f) stop error referencing the hpdskflt.sys:
BugCheck 1000009F, {4, 258, fffffa8003b8b680, fffff80004d64510}
Unable to load image \SystemRoot\system32\DRIVERS\hpdskflt.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for hpdskflt.sys
*** ERROR: Module load completed but symbols could not be loaded for
hpdskflt.sys
Probably caused by : umbus.sys
The hpdskflt.sys is a driver for HP ProtectSmart Hard Drive Protection program.
Can you try uninstalling the HP ProtectSmart Hard Drive Protection program and then install the latest version available for the laptop.
There is the following version you could try:
http://h10025.www1.hp.com/ewfrf/wc/softwareDownloadIndex?cc=us&lc=en&dlc=en&softwareitem=ob-96119-1
Free Windows Admin Tool Kit Click here and download it now
May 3rd, 2012 8:08am
This is great! I'll try to do this later today when I get home and will post back. At least now I feel like I have a fighting chance - Thanks Auggy!
May 3rd, 2012 9:17am
You're welcome, and good luck!
Free Windows Admin Tool Kit Click here and download it now
May 3rd, 2012 10:40pm
So I went to try an uninstall the HP ProtectSmart Hard Drive program and it wouldn't allow me too. So I googled how to do that and came up with this other link: http://www.techsupportforum.com/forums/f299/solved-usb-stops-working-bsod-on-win7-64-bit-486221.html that
mentioned a WD SANS storage drive. Since I have a MyBookWorld Drive I decided to uninstall that and what do you know everything works again! I don't see the drive as one of my devices but I've mapped a drive to it and it works perfectly.
I've also reinstalled AVG which I heard might have been the problem too. Hope this information might help someone else.
May 4th, 2012 7:57am
Glad to see you got it working. Thanks for the follow-up.
Free Windows Admin Tool Kit Click here and download it now
May 5th, 2012 1:37pm
Hi auggy... I have a blue screen error and I dont know what to do...cant load win 7 as when it booting... window 7 appear and the second I get into windows home page its boot up and blue screen appear here is the scan
Version=1
EventType=BlueScreen
EventTime=129809014641756645
ReportType=4
Consent=1
UploadTime=129809021251762889
ReportIdentifier=a6711860-988f-11e1-9a9f-eb38eba38a41
IntegratorReportIdentifier=050712-14274-01
Response.type=4
Response.AnalysisBucket=X64_0xA_epfwwfp+4cb6
DynamicSig[1].Name=OS Version
DynamicSig[1].Value=6.1.7601.2.1.0.256.1
DynamicSig[2].Name=Locale ID
DynamicSig[2].Value=3084
UI[2]=C:\Windows\system32\wer.dll
UI[3]=Windows has recovered from an unexpected shutdown
UI[4]=Windows can check online for a solution to the problem.
UI[5]=&Check for solution
UI[6]=&Check later
UI[7]=Cancel
UI[8]=Windows has recovered from an unexpected shutdown
UI[9]=A problem caused Windows to stop working correctly. Windows will notify you if a solution is available.
UI[10]=Close
Sec[0].Key=BCCode
Sec[0].Value=a
Sec[1].Key=BCP1
Sec[1].Value=0000000000000000
Sec[2].Key=BCP2
Sec[2].Value=0000000000000002
Sec[3].Key=BCP3
Sec[3].Value=0000000000000001
Sec[4].Key=BCP4
Sec[4].Value=FFFFF80003048B7E
Sec[5].Key=OS Version
Sec[5].Value=6_1_7601
Sec[6].Key=Service Pack
Sec[6].Value=1_0
Sec[7].Key=Product
Sec[7].Value=256_1
State[0].Key=Transport.DoneStage1
State[0].Value=1
State[1].Key=CA
State[1].Value=1
State[2].Key=BLOB
State[2].Value=CHKSUM=840E63557B6B49F1D50A9D7D9DBF1A62;BID=OCATAG;ID=30e02513-ae8a-458e-9483-9c70c45c5a38;SUB=5//7//2012 3:08:55 PM
File[0].CabName=050712-14274-01.dmp
File[0].Path=050712-14274-01.dmp
File[0].Flags=851970
File[0].Type=2
File[0].Original.Path=C:\Windows\Minidump\050712-14274-01.dmp
File[1].CabName=sysdata.xml
File[1].Path=WER-27690-0.sysdata.xml
File[1].Flags=851970
File[1].Type=5
File[1].Original.Path=C:\Users\Moz\AppData\Local\Temp\WER-27690-0.sysdata.xml
File[2].CabName=WERInternalMetadata.xml
File[2].Path=WERA6C9.tmp.WERInternalMetadata.xml
File[2].Flags=589827
File[2].Type=5
File[2].Original.Path=C:\Users\Moz\AppData\Local\Temp\WERA6C9.tmp.WERInternalMetadata.xml
File[3].CabName=Report.cab
File[3].Path=Report.cab
File[3].Flags=196608
File[3].Type=7
File[3].Original.Path=Report.cab
FriendlyEventName=Shut down unexpectedly
ConsentKey=BlueScreen
AppName=Windows
AppPath=C:\Windows\System32\WerFault.exe
May 7th, 2012 6:45pm
It may help to look at the minidump files from the crashes with a debugger.
In Safe Mode can you zip up the minidump files in the C:\Windows\Minidump folder and then make available (provide link) via Windows Live SkyDrive or similar site?
The following link has information on using Windows Live SkyDrive:
http://social.technet.microsoft.com/Forums/en-US/w7itproui/thread/4fc10639-02db-4665-993a-08d865088d65
If you have problems zipping the minidump files copy the minidump files to another location such as a folder on the Desktop
Also, you do not necessarily have to zip up the minidump files, you can upload them one at a time.
Free Windows Admin Tool Kit Click here and download it now
May 9th, 2012 11:12pm
Hey auggy, just wanted to say your help is very much appreciated, and would also very much like your help in finding out what is causing my BSOD
here's what the dump file looks like http://i.imgur.com/l8eCt.png
regards - Mo
June 9th, 2012 4:32am
Hi MomohLibya,
Here is some good information on the error you received (Bug Check 0x124: WHEA_UNCORRECTABLE_ERROR):
http://www.sevenforums.com/crash-lockup-debug-how/35349-stop-0x124-what-means-what-try.html
Consider opening a a new topic on your issue if you need further help.
Free Windows Admin Tool Kit Click here and download it now
June 10th, 2012 10:56pm
Hello auggy!
I have been experiencing a BSOD, the last 2 times has been when using a usb port (2 different ones)
Could you have a look at the .dmp file for me?
I couldn't figure out the windows sky drive so I just uploaded it to zippyshare.
http://www15.zippyshare.com/v/75186865/file.html
Thanks.
July 3rd, 2012 8:55am
Hi p_aull105,
The minidump file showed a BAD_POOL_CALLER (c2) stop error caused by the stdriver64.sys:
BUCKET_ID: X64_0xc2_7_Ala4_stdriver64+11d76
The stdriver64.sys is a SoundTap driver so try uninstalling SoundTap if it is installed
The stdriver64.sys may also be a component of other sound related software.
Consider opening a new topic on your issue if you need further help.
Free Windows Admin Tool Kit Click here and download it now
July 3rd, 2012 11:10am
Thanks auggy, I have Debut installed which is from NCH and uses the stdriver64.sys.
This is an important program so I'll try updating or downgrading it to see if I can get a more stable version. For now I have moved the stdriver64.sys files out of the Debut install location in hopes that it might help. I'll also be using CCleaner professional
to clean up my registry and see if that helps as well.
Thanks.
July 4th, 2012 3:07am
So I'm on a fresh Windows install, everything seems to be working fine.
First odd thing that happens is physical memory usage goes up to 97% and no processes were using anywhere near that amount (8gb).
A restart fixed that issue, I've never had it before though.
After some hours of normal use a video editing program seems to be running slower than it used to, then it blue screens saying IRQL_NOT_LESS_OR_EQUAL or something.
Here is the .dmp file from that crash, if anyone could help tell me the cause and a possible solution I would appreciate it.
http://www50.zippyshare.com/v/68932209/file.html
July 10th, 2012 7:33am
More about this error in general:
http://mikemstech.blogspot.com/2011/11/how-to-troubleshoot-blue-screen-0xa.html
The debugger indicates that this is likely due to the AVG Antivirus/Intrusion Detection System software. Based on the symbol information, the AVG driver is from 2011. I would recommend seeing if there are updates for AVG. Alternatively, if you let the subscription
lapse, then you might want to fully uninstall AVG and install a different antivirus.
1: kd> !analyze -v
*******************************************************************************
*
*
* Bugcheck Analysis
*
*
*
*******************************************************************************
IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: fffffa7fffffd010, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000001, bitfield :
bit 0 : value 0 = read operation, 1 = write operation
bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: fffff80002d03efe, address which referenced memory
Debugging Details:
------------------
WRITE_ADDRESS: GetPointerFromAddress: unable to read from fffff80002f0f100
fffffa7fffffd010
CURRENT_IRQL: 2
FAULTING_IP:
nt!MiRemoveAnyPage+13e
fffff800`02d03efe f0410fba6c241000 lock bts dword ptr [r12+10h],0
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0xA
PROCESS_NAME: explorer.exe
TRAP_FRAME: fffff8800cf6d0b0 -- (.trap 0xfffff8800cf6d0b0)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000002 rbx=0000000000000000 rcx=0000000000000002
rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000
rip=fffff80002d03efe rsp=fffff8800cf6d240 rbp=fffff8800cf6d280
r8=0000000000000000 r9=0000000000000000 r10=0000000000000000
r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl zr na po nc
nt!MiRemoveAnyPage+0x13e:
fffff800`02d03efe f0410fba6c241000 lock bts dword ptr [r12+10h],0 ds:792b:00000000`00000010=????????
Resetting default scope
LAST_CONTROL_TRANSFER: from fffff80002cdf769 to fffff80002ce01c0
STACK_TEXT:
fffff880`0cf6cf68 fffff800`02cdf769 : 00000000`0000000a fffffa7f`ffffd010 00000000`00000002 00000000`00000001 : nt!KeBugCheckEx
fffff880`0cf6cf70 fffff800`02cde3e0 : fffffa80`06f10e90 fffffa80`06cc9930 00000000`00000001 00000000`00000029 : nt!KiBugCheckDispatch+0x69
fffff880`0cf6d0b0 fffff800`02d03efe : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiPageFault+0x260
fffff880`0cf6d240 fffff800`02c9f8b0 : fa8008ca`0c3004c0 00000000`00000000 00000000`00000052 00000000`00000000 : nt!MiRemoveAnyPage+0x13e
fffff880`0cf6d360 fffff800`02f7839a : fffffa80`08997cd0 fffffa80`00000001 fffffa80`08997cd0 00000000`00000005 : nt!MiPfPutPagesInTransition+0x7c7
fffff880`0cf6d4d0 fffff800`02cce57d : fffffa80`08997cd0 00000003`1bb9f000 00000000`0005d000 00000000`0031bb9f : nt!MmPrefetchForCacheManager+0x8e
fffff880`0cf6d520 fffff800`02fc5a00 : 00000000`00000000 00000003`1bb9f794 fffffa80`0855db20 00000000`30b4c020 : nt!CcFetchDataForRead+0x17d
fffff880`0cf6d580 fffff880`0124d730 : fffff8a0`00000000 00000000`00000005 fffff8a0`0002086c fffff800`02cf6201 : nt!CcCopyRead+0x180
fffff880`0cf6d640 fffff880`0124dda3 : fffff8a0`0c450c70 fffff8a0`0c450c70 fffff880`0cf6d870 fffff880`0cf6d768 : Ntfs!NtfsCachedRead+0x180
fffff880`0cf6d6a0 fffff880`0124fa68 : fffffa80`07599580 fffffa80`09d6cc10 fffff880`0cf6d801 fffffa80`07a0d900 : Ntfs!NtfsCommonRead+0x583
fffff880`0cf6d840 fffff880`010c1bcf : fffffa80`09d6cfb0 fffffa80`09d6cc10 fffffa80`07a0d9d0 00000000`00000001 : Ntfs!NtfsFsdRead+0x1b8
fffff880`0cf6d8f0 fffff880`010c06df : fffffa80`08b3ac90 00000000`00000001 fffffa80`08b3ac00 fffffa80`09d6cc10 : fltmgr!FltpLegacyProcessingAfterPreCallbacksCompleted+0x24f
fffff880`0cf6d980 fffff880`05473b88 : 00000000`00000000 00000000`30b4c020 00000000`00000001 fffffa80`09c03060 : fltmgr!FltpDispatch+0xcf
fffff880`0cf6d9e0 00000000`00000000 : 00000000`30b4c020 00000000`00000001 fffffa80`09c03060 fffffa80`0855db20 : AVGIDSFilter+0x1b88
STACK_COMMAND: kb
FOLLOWUP_IP:
AVGIDSFilter+1b88
fffff880`05473b88 ?? ???
SYMBOL_STACK_INDEX: d
SYMBOL_NAME: AVGIDSFilter+1b88
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: AVGIDSFilter
IMAGE_NAME: AVGIDSFilter.Sys
DEBUG_FLR_IMAGE_TIMESTAMP: 4e1a2991
FAILURE_BUCKET_ID: X64_0xA_AVGIDSFilter+1b88
BUCKET_ID: X64_0xA_AVGIDSFilter+1b88
Followup: MachineOwner
---------
1: kd> lmvm AVGIDSFilter
start end module name
fffff880`05472000 fffff880`0547d000 AVGIDSFilter T (no symbols)
Loaded symbol image file: AVGIDSFilter.Sys
Image path: \SystemRoot\system32\DRIVERS\AVGIDSFilter.Sys
Image name: AVGIDSFilter.Sys
Timestamp: Sun Jul 10 16:37:05 2011 (4E1A2991)
CheckSum: 0000D913
ImageSize: 0000B000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
Free Windows Admin Tool Kit Click here and download it now
July 10th, 2012 9:35pm
Ah, I just recently got AVG 2012, might have to change now.
What anti virus/ general protection would you recommend?
Thank you very much for looking at my problem I appreciate it alot :)
July 11th, 2012 1:25am
Hey Auggy, I used WinDbg to view my crash dump, the "probable" cause of the crash is ataport.sys. I'm not sure if this is correct or not, but I get the BSOD at least once a day. I installed SIW and fixed many of the more important problems, but am still
getting the crashes. I don't know if rolling back an ATA driver is the best idea, so I haven't tried it myself, I just want to double check before I start playing around with my port drivers.
Free Windows Admin Tool Kit Click here and download it now
August 25th, 2012 6:44am
Hi TreAbernathy,
I would suggest to run a scan with the following two applications to see if they pick anything up:
TDSSKiller:
http://support.kaspersky.com/faq/?qid=208283363
Malwarebytes Antimalware (free version) - do a "Full Scan":
http://www.malwarebytes.org/products/malwarebytes_free
If you need further help consider starting a new topic on the issue.
August 25th, 2012 7:00am