dmp file and blue screen error Windows 7
Hi, Just wondering if someone can tell me how to read the dmp file created after the blue screen appears ? I have just recently upgraded my Toshiba P300 from Vista 64 bit to Windows 7 Home Prem 64 bit. I dont know why Windows 7 keeps crashing and so far I have no idea of how to open the .dmp file (I have zipped the dmp file and attahced below). http://cid-7a99d6152c55359c.skydrive.live.com/self.aspx/.Public/minidump/022710-26223-01.zip The message that I been given so far says : Problem signature: Problem Event Name: BlueScreen OS Version: 6.1.7600.2.0.0.768.3 Locale ID: 3081 Additional information about the problem: BCCode: a BCP1: FFFFF6FC40052000 BCP2: 0000000000000002 BCP3: 0000000000000000 BCP4: FFFFF80002E62322 OS Version: 6_1_7600 Service Pack: 0_0 Product: 768_1 Files that help describe the problem: C:\Windows\Minidump\022710-26223-01.dmp C:\Users\Caroline\AppData\Local\Temp\WER-125393-0.sysdata.xml
February 26th, 2010 10:06pm

The minidump file showed that the driver which caused the crash was the klim6.sys, which is a Kaspersky driver.I would suggest to uninstall Kaspersky and see if the BSODs resolve.Afterwards you could consider re-installing Kaspersky using the latest version.BTW, a handy application to read minidump files is BlueScreenView:http://www.nirsoft.net/utils/blue_screen_view.htmlHowever, you may find using WinDbg of the Debugging Tools for Windows gives you more complete information.You can download the Debugging Tools for Windows from the following link:http://www.microsoft.com/whdc/devtools/debugging/default.mspxThere is a tutorial in the following link on setting up WinDbg, such as setting the symbol path and utilizing the !analyze -v command:http://www.sevenforums.com/crash-lockup-debug-how/26584-2-intermediate-configuring-debugging-tools.html
Free Windows Admin Tool Kit Click here and download it now
March 1st, 2010 11:25pm

Hi auggy,Many thanks for the help. Will uninstall Kaspersky and re-install 2010 version.Cheers,Kara
March 2nd, 2010 4:39pm

Hi Auggy, Need your help. what to check in BlueScreenView. as per your above post, i am trying to check one BSOD Dump which is showing caused by driver ntkrnlpa.exe. Dhiraj
Free Windows Admin Tool Kit Click here and download it now
February 2nd, 2011 2:14am

ntkrnlpa.exe is not the cause of the crash. If you use WinDbg of the Debugging Tools for Windows it may identify the actual driver causing the crash. If you want, can you zip up the minidump file(s) and make available (provide link) via Windows Live SkyDrive or similar site? The following link has information on using Windows Live SkyDrive: http://social.technet.microsoft.com/Forums/en-US/w7itproui/thread/4fc10639-02db-4665-993a-08d865088d65
February 2nd, 2011 8:42am

Thanks for your prompt response, Auggy. WinDBG showing below output. DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1) An attempt was made to access a pageable (or completely invalid) address at an interrupt request level (IRQL) that is too high. This is usually caused by drivers using improper addresses. If kernel debugger is available get stack backtrace. Arguments: Arg1: 0ca32751, memory referenced Arg2: 00000002, IRQL Arg3: 00000000, value 0 = read operation, 1 = write operation Arg4: 8dfefa9e, address which referenced memory Debugging Details: ------------------ READ_ADDRESS: GetPointerFromAddress: unable to read from 82743868 Unable to read MiSystemVaType memory at 82723420 0ca32751 CURRENT_IRQL: 2 FAULTING_IP: +6665383534303736 8dfefa9e ?? ??? CUSTOMER_CRASH_COUNT: 1 DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT BUGCHECK_STR: 0xD1 TRAP_FRAME: b9ab5a58 -- (.trap 0xffffffffb9ab5a58) ErrCode = 00000000 eax=157aafd5 ebx=0ca3274b ecx=15d46244 edx=00000000 esi=00000000 edi=00000000 eip=8dfefa9e esp=b9ab5acc ebp=b9ab5ae4 iopl=0 nv up ei ng nz na pe cy cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010287 8dfefa9e ?? ??? Resetting default scope LAST_CONTROL_TRANSFER: from 8dfefa9e to 82659fd9 STACK_TEXT: b9ab5a58 8dfefa9e badb0d00 00000000 826509c6 nt!KiTrap0E+0x2e1 WARNING: Frame IP not in any known module. Following frames may be wrong. b9ab5ac8 85065590 84d88008 85791698 15d46244 0x8dfefa9e b9ab5ae4 8dfedede 85791698 0000000e ffffffff 0x85065590 b9ab5c5c 826b31fb 00000000 858a9630 c0000001 0x8dfedede b9ab5c60 00000000 858a9630 c0000001 b324c2c0 nt!IopfCompleteRequest+0x11d STACK_COMMAND: kb FOLLOWUP_IP: nt!KiTrap0E+2e1 82659fd9 833d84ac738200 cmp dword ptr [nt!KiFreezeFlag (8273ac84)],0 SYMBOL_STACK_INDEX: 0 SYMBOL_NAME: nt!KiTrap0E+2e1 FOLLOWUP_NAME: MachineOwner MODULE_NAME: nt IMAGE_NAME: ntkrpamp.exe DEBUG_FLR_IMAGE_TIMESTAMP: 4c0e557c FAILURE_BUCKET_ID: 0xD1_nt!KiTrap0E+2e1 BUCKET_ID: 0xD1_nt!KiTrap0E+2e1 Followup: MachineOwner --------- Dhiraj
Free Windows Admin Tool Kit Click here and download it now
February 2nd, 2011 8:50am

Since the problematic driver is not identified try updating all third party drivers. If problem persists consider turning on the "Driver Verifier" against all non-Microsoft drivers to stress test them and try to weed out a problematic driver: Start > type verifier in the Search programs and files box and press "Enter" > Create standard settings > Next > Select driver names from a list > then select all non-Microsoft drivers > Finish Restart the computer. Continue to use the computer normally but if you experience any BSODs check the minidump file(s). If after enabling the Driver Verifier and restarting the computer you receive a BSOD on startup and cannot start Windows, restart the computer in "Safe Mode" and do the following: Start > type verifier in the Search programs and files box and press "Enter" > Delete existing settings > Finish Restart the computer, log into Normal Mode, and check the resulting minidump file.
February 2nd, 2011 10:13am

Thanks, i will try these steps. This user have also below two minidumps. 1) Debugging Details: ------------------ WRITE_ADDRESS: GetPointerFromAddress: unable to read from 8254b868 Unable to read MiSystemVaType memory at 8252b420 acd01562 FAULTING_IP: tmevtmgr+5562 acd01562 ?? ??? CUSTOMER_CRASH_COUNT: 1 DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT BUGCHECK_STR: 0xCE PROCESS_NAME: svchost.exe CURRENT_IRQL: 0 TRAP_FRAME: b0fe5bc8 -- (.trap 0xffffffffb0fe5bc8) ErrCode = 00000010 eax=c0000240 ebx=00000000 ecx=825fbb3f edx=004a5917 esi=b0fe5d3c edi=863f4694 eip=acd01562 esp=b0fe5c3c ebp=b0fe5c4c iopl=0 nv up ei pl zr na pe nc cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010246 <Unloaded_tmevtmgr.sys>+0x5562: acd01562 ?? ??? Resetting default scope IP_MODULE_UNLOADED: tmevtmgr+5562 acd01562 ?? ??? LAST_CONTROL_TRANSFER: from 82461dd4 to 824ac38d STACK_TEXT: b0fe5bb0 82461dd4 00000008 acd01562 00000000 nt!MmAccessFault+0x10a b0fe5bb0 acd01562 00000008 acd01562 00000000 nt!KiTrap0E+0xdc WARNING: Frame IP not in any known module. Following frames may be wrong. b0fe5c38 863f453c 863f453c 863f453c 00000000 <Unloaded_tmevtmgr.sys>+0x5562 b0fe5c6c 824bf3de 847be4d0 b0fe5d38 00000008 0x863f453c b0fe5d4c 8245ec7a 863f453c 0000004f 02edf748 nt!EtwpLogKernelEvent+0x1fe b0fe5d4c 00000023 863f453c 0000004f 02edf748 nt!KiFastCallEntry+0x12a 00000000 00000000 00000000 00000000 00000000 0x23 STACK_COMMAND: kb FOLLOWUP_IP: tmevtmgr+5562 acd01562 ?? ??? SYMBOL_STACK_INDEX: 2 SYMBOL_NAME: tmevtmgr+5562 FOLLOWUP_NAME: MachineOwner MODULE_NAME: tmevtmgr IMAGE_NAME: tmevtmgr.sys DEBUG_FLR_IMAGE_TIMESTAMP: 0 FAILURE_BUCKET_ID: 0xCE_tmevtmgr+5562 BUCKET_ID: 0xCE_tmevtmgr+5562 Followup: MachineOwner --------- 2 ) Debugging Details: ------------------ DRVPOWERSTATE_SUBCODE: 3 IRP_ADDRESS: 85c80588 DEVICE_OBJECT: 86512030 DRIVER_OBJECT: 865899c0 IMAGE_NAME: agnfilt.sys DEBUG_FLR_IMAGE_TIMESTAMP: 46f3cd1b MODULE_NAME: agnfilt FAULTING_MODULE: 8dee9000 agnfilt CUSTOMER_CRASH_COUNT: 1 DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT BUGCHECK_STR: 0x9F PROCESS_NAME: TMBMSRV.exe CURRENT_IRQL: 2 STACK_TEXT: 8039dd6c 826463fb 0000009f 00000003 84759c70 nt!KeBugCheckEx+0x1e 8039ddc8 82646018 8039de40 8039def0 82723401 nt!PopCheckIrpWatchdog+0x1ad 8039de08 826bf30b 827234e0 00000000 3ac9c8dc nt!PopCheckForIdleness+0x343 8039df28 826bef41 8039df70 8039df02 8039df78 nt!KiTimerListExpire+0x367 8039df88 826bf635 00000000 00000000 001b8e5b nt!KiTimerExpiration+0x2a0 8039dff4 826bd2f5 ae21fd10 00000000 00000000 nt!KiRetireDpcList+0xba 8039dff8 ae21fd10 00000000 00000000 00000000 nt!KiDispatchInterrupt+0x45 WARNING: Frame IP not in any known module. Following frames may be wrong. 826bd2f5 00000000 0000001b 00c7850f bb830000 0xae21fd10 STACK_COMMAND: kb FOLLOWUP_NAME: MachineOwner FAILURE_BUCKET_ID: 0x9F_3_IMAGE_agnfilt.sys BUCKET_ID: 0x9F_3_IMAGE_agnfilt.sys Followup: MachineOwner Dhiraj
Free Windows Admin Tool Kit Click here and download it now
February 2nd, 2011 10:38am

From those errors there are two drivers named as causing the crashes - the first error was the tmevtmgr.sys (Trend Micro driver) and the second error was the agnfilt.sys ( AT&T Global Network Firewall). The second error seems to indicate that the agnfilt.sys caused the TMBMSRV.exe (Trend Micro service) to crash. I would suggest to uninstall the AT&T Global Network Firewall and see if stability improves. If not, then uninstall Trend Micro. Also, I would suggest to hold off on enabling the Driver Verifier.
February 2nd, 2011 10:59am

Thanks for your Help, Auggy. I will try your suggested options. Dhiraj
Free Windows Admin Tool Kit Click here and download it now
February 3rd, 2011 11:54pm

Hi, I have hp pavilion dv5 and last summer it gave me a lot of problems with blue screens. So now that I have switched to win7 from vista home basic, it has still not stopped. It gives me BUGCODE_NSID Driver problem. 0x0000007C blue screen error. Today was the second time. And coincidently I switched to lan from using wifi. The following are the details of the error: Problem signature: Problem Event Name: BlueScreen OS Version: 6.1.7600.2.0.0.256.1 Locale ID: 1033 Additional information about the problem: BCCode: 7c BCP1: 00000003 BCP2: 8615E0E0 BCP3: 86A2F000 BCP4: 86A2F700 OS Version: 6_1_7600 Service Pack: 0_0 Product: 256_1 Files that help describe the problem: C:\Windows\Minidump\030511-17128-01.dmp C:\Users\Sejal\AppData\Local\Temp\WER-35973-0.sysdata.xml Read our privacy statement online: http://go.microsoft.com/fwlink/?linkid=104288&clcid=0x0409 If the online privacy statement is not available, please read our privacy statement offline: C:\Windows\system32\en-US\erofflps.txt Can anyone please help me with dealing with the problem. I really am sick of blue screens. Thanks!
March 5th, 2011 8:26am

Bug Check 0x7C: BUGCODE_NDIS_DRIVER . This bug check indicates that a problem occurred with an NDIS driver. parameter 1 = 3 = A driver called NdisMFreeSharedMemory [Async ] with a shared memory pointer that had already been freed. update all network card drivers and look if this fixed it."A programmer is just a tool which converts caffeine into code" Want to install RSAT on Windows 7 Sp1? Check my HowTo: http://www.msfn.org/board/index.php?showtopic=150221
Free Windows Admin Tool Kit Click here and download it now
March 5th, 2011 9:19am

Guys sorry to Hijack the thread but I need some help. This is what I got after running winDBg. Am i correct to assume the error is under FAULTING_IP? IF yes how do I look up what exactly is causing it? Thanks for the help in advance, any help Iwould trulley appreciated. Debugging Details: ------------------ EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s. FAULTING_IP: nt!ExpInterlockedPopEntrySListResume+b 8304d04f 8b5504 mov edx,dword ptr [ebp+4] EXCEPTION_RECORD: 8ed07760 -- (.exr 0xffffffff8ed07760) ExceptionAddress: 8304d04f (nt!ExpInterlockedPopEntrySListResume+0x0000000b) ExceptionCode: c0000005 (Access violation) ExceptionFlags: 00000000 NumberParameters: 2 Parameter[0]: 00000000 Parameter[1]: 000000b4 Attempt to read from address 000000b4 CONTEXT: 8ed07340 -- (.cxr 0xffffffff8ed07340) eax=00000000 ebx=8ed07908 ecx=000000b0 edx=00000000 esi=00000000 edi=881ec030 eip=8304d04f esp=8ed07828 ebp=000000b0 iopl=0 nv up ei pl zr na pe nc cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00210246 nt!ExpInterlockedPopEntrySListResume+0xb: 8304d04f 8b5504 mov edx,dword ptr [ebp+4] ss:0010:000000b4=???????? Resetting default scope PROCESS_NAME: System CURRENT_IRQL: 0 ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s. EXCEPTION_PARAMETER1: 00000000 EXCEPTION_PARAMETER2: 000000b4 READ_ADDRESS: 000000b4 FOLLOWUP_IP: CLASSPNP!DequeueFreeTransferPacket+1f 8cfb43e8 85c0 test eax,eax BUGCHECK_STR: 0x7E DEFAULT_BUCKET_ID: NULL_CLASS_PTR_DEREFERENCE LAST_CONTROL_TRANSFER: from 8cfb43e8 to 8304d04f STACK_TEXT: 8ed07830 8cfb43e8 00000008 881ec0e8 8ed07900 nt!ExpInterlockedPopEntrySListResume+0xb 8ed07840 8cfb8104 881ec030 00000001 881ec0e8 CLASSPNP!DequeueFreeTransferPacket+0x1f 8ed07908 8cfa1f03 881ec030 881ec0e8 8ed07930 CLASSPNP!ClassReadDriveCapacity+0xaa 8ed07918 8cfa64f6 881ec030 00000000 86ca08f8 disk!DiskReadDriveCapacity+0x25 8ed07930 8cfa0c75 881ec030 86ca08f8 86ca08f8 disk!DiskIoctlGetLengthInfo+0x40 8ed0794c 8cfb5e38 881ec030 0007405c 881f0540 disk!DiskDeviceControl+0x117 8ed07968 8cfb43bf 881ec030 86ca08f8 881ec030 CLASSPNP!ClassDeviceControlDispatch+0x48 8ed0797c 830424ac 881ec030 86ca08f8 86ca08f8 CLASSPNP!ClassGlobalDispatch+0x20 8ed07994 8c9e08bd 8729cd10 86ca08f8 00000000 nt!IofCallDriver+0x63 8ed079ac 8c9e02e5 00000000 881f0630 881f0540 partmgr!PmFilterDeviceControl+0x23c 8ed079c0 830424ac 881f0540 86ca08f8 882940b0 partmgr!PmGlobalDispatch+0x1d 8ed079d8 8317ade6 881f062c 881ef450 42747346 nt!IofCallDriver+0x63 8ed07a08 8317ac91 881f0540 881ef458 881f062c nt!FstubGetDiskGeometry+0xde 8ed07a28 8317abc8 881f0540 8ed07a44 881f062c nt!FstubAllocateDiskInformation+0x31 8ed07a48 8c9e1065 881f0540 8ed07a6c 874603fc nt!IoReadPartitionTableEx+0x19 8ed07a70 8c9e7080 881f05f8 8ed07aa0 881f0540 partmgr!PmGetDriveLayoutEx+0x5b 8ed07a94 8c9e0759 881f0540 00000000 881eca50 partmgr!PmIoctlGetDriveLayoutEx+0x4d 8ed07ab4 8c9e02e5 00000000 881f0630 881f0540 partmgr!PmFilterDeviceControl+0xd8 8ed07ac8 830424ac 881f0540 87460320 881eca50 partmgr!PmGlobalDispatch+0x1d 8ed07ae0 8d1dfcf4 8d1deff6 86d67044 881eca50 nt!IofCallDriver+0x63 WARNING: Stack unwind information not available. Following frames may be wrong. 8ed07ae4 8d1deff6 86d67044 881eca50 881eca50 snapman+0xdcf4 8ed07af8 8d1dfc80 60000001 86d67000 86d67044 snapman+0xcff6 8ed07b10 8d1def62 60000001 86d67001 00001000 snapman+0xdc80 8ed07b28 8d1e06fc 87460320 881ec948 830424ac snapman+0xcf62 8ed07b34 830424ac 881ec948 87460320 00000000 snapman+0xe6fc 8ed07b4c 8ca54e19 882ae000 88040000 00000000 nt!IofCallDriver+0x63 8ed07b70 8ca66f17 881ec948 00070050 00000000 volmgrx!VmxpSendDeviceControl+0x49 8ed07ba8 8ca57239 881ec948 8ed07bec 86c0bf00 volmgrx!VmxpDiskGetDriveLayoutEx+0x41 8ed07bf4 8c814cd2 87bbdbf8 8ed07c3f 874953d0 volmgrx!VmxWholeDiskArrivedImmediate+0x71 8ed07c10 8c8164a8 86c0bf00 87bbdbf8 8ed07c3f volmgr!VmpWholeDiskArrivedImmediate+0x2a 8ed07c30 8c80e115 86c0bf00 00495320 874953d0 volmgr!VmpWholeDiskArrived+0x36 8ed07c48 830424ac 86c0be48 87495320 874953f4 volmgr!VmInternalDeviceControl+0xfd 8ed07c60 831bd526 87495320 86c0bd80 881f05f8 nt!IofCallDriver+0x63 8ed07c8c 8c9e7bcc 86c0be48 87495320 881cd750 nt!IoForwardIrpSynchronously+0x59 8ed07cb0 8c9e0c0b 881f05f8 881cd750 881f0540 partmgr!PmGiveDisk+0x94 8ed07cec 83226b25 001f0540 00000000 85f07a70 partmgr!PmNotificationWorkItem+0x2ef 8ed07d00 8307403b 881cd750 00000000 85f07a70 nt!IopProcessWorkItem+0x23 8ed07d50 832149df 00000000 a46d951a 00000000 nt!ExpWorkerThread+0x10d 8ed07d90 830c61d9 83073f2e 00000000 00000000 nt!PspSystemThreadStartup+0x9e 00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x19 SYMBOL_STACK_INDEX: 1 SYMBOL_NAME: CLASSPNP!DequeueFreeTransferPacket+1f FOLLOWUP_NAME: MachineOwner MODULE_NAME: CLASSPNP IMAGE_NAME: CLASSPNP.SYS DEBUG_FLR_IMAGE_TIMESTAMP: 4a5bbf18 STACK_COMMAND: .cxr 0xffffffff8ed07340 ; kb FAILURE_BUCKET_ID: 0x7E_CLASSPNP!DequeueFreeTransferPacket+1f BUCKET_ID: 0x7E_CLASSPNP!DequeueFreeTransferPacket+1f Followup: MachineOwner
March 21st, 2011 7:47pm

I am trying to do this similar to everyone else so I have a dell inspiron 1545 64 w/ windows 7 64 bit OS. I am unable to read the minidump file so I used the app crash view and here are the details for the blue screen crash: Version=1 EventType=BlueScreen EventTime=129453856123501472 ReportType=4 Consent=1 UploadTime=129453986108925681 ReportIdentifier=d86f9492-558b-11e0-8f47-a194fb93c69b IntegratorReportIdentifier=032311-32526-01 Response.type=4 Response.AnalysisBucket=X64_0xD1_NETIO!NetioDereferenceNetBufferList+86 DynamicSig[1].Name=OS Version DynamicSig[1].Value=6.1.7601.2.1.0.768.3 DynamicSig[2].Name=Locale ID DynamicSig[2].Value=1033 UI[2]=C:\Windows\system32\wer.dll UI[3]=Windows has recovered from an unexpected shutdown UI[4]=Windows can check online for a solution to the problem the next time you go online. UI[5]=&Check for solution UI[6]=&Check later UI[7]=Cancel UI[8]=Windows has recovered from an unexpected shutdown UI[9]=A problem caused Windows to stop working correctly. Windows will notify you if a solution is available. UI[10]=Close Sec[0].Key=BCCode Sec[0].Value=d1 Sec[1].Key=BCP1 Sec[1].Value=0000000000000000 Sec[2].Key=BCP2 Sec[2].Value=0000000000000002 Sec[3].Key=BCP3 Sec[3].Value=0000000000000000 Sec[4].Key=BCP4 Sec[4].Value=FFFFF88001AAEF92 Sec[5].Key=OS Version Sec[5].Value=6_1_7601 Sec[6].Key=Service Pack Sec[6].Value=1_0 Sec[7].Key=Product Sec[7].Value=768_1 State[0].Key=Transport.DoneStage1 State[0].Value=1 State[1].Key=CA State[1].Value=1 State[2].Key=BLOB State[2].Value=CHKSUM=A24CDEF70D419F0F3124ABC0BA0E0D18;BID=OCATAG;ID=d4518014-7c9f-4749-9105-6a43867f32c4;SUB=3//23//2011 5:03:35 PM File[0].CabName=032311-32526-01.dmp File[0].Path=032311-32526-01.dmp File[0].Flags=851970 File[0].Type=2 File[0].Original.Path=C:\Windows\Minidump\032311-32526-01.dmp File[1].CabName=sysdata.xml File[1].Path=WER-66752-0.sysdata.xml File[1].Flags=851970 File[1].Type=5 File[1].Original.Path=C:\Users\RLLOYD\AppData\Local\Temp\WER-66752-0.sysdata.xml File[2].CabName=WERInternalMetadata.xml File[2].Path=WER48B2.tmp.WERInternalMetadata.xml File[2].Flags=589826 File[2].Type=5 File[2].Original.Path=C:\Users\RLLOYD\AppData\Local\Temp\WER48B2.tmp.WERInternalMetadata.xml File[3].CabName=Report.cab File[3].Path=Report.cab File[3].Flags=196608 File[3].Type=7 File[3].Original.Path=Report.cab FriendlyEventName=Shut down unexpectedly ConsentKey=BlueScreen AppName=Windows AppPath=C:\Windows\System32\WerFault.exe
Free Windows Admin Tool Kit Click here and download it now
March 23rd, 2011 10:49pm

create a new topic and upload the dmp files."A programmer is just a tool which converts caffeine into code" Want to install RSAT on Windows 7 Sp1? Check my HowTo: http://www.msfn.org/board/index.php?showtopic=150221
March 24th, 2011 10:24am

Hi Auggy, I've been trying to figure this problem out and use the debug tool but I don't understand this stuff lol. Any help would be appreciated. Here is the info. Problem signature: Problem Event Name: BlueScreen OS Version: 6.1.7601.2.1.0.768.3 Locale ID: 1033 Additional information about the problem: BCCode: d1 BCP1: FFFFF8A00B19FF40 BCP2: 0000000000000002 BCP3: 0000000000000001 BCP4: FFFFF88004359CA1 OS Version: 6_1_7601 Service Pack: 1_0 Product: 768_1 Files that help describe the problem: C:\Windows\Minidump\041712-19219-01.dmp C:\Users\TJ\AppData\Local\Temp\WER-29062-0.sysdata.xml Read our privacy statement online: http://go.microsoft.com/fwlink/?linkid=104288&clcid=0x0409 If the online privacy statement is not available, please read our privacy statement offline: C:\Windows\system32\en-US\erofflps.txt
Free Windows Admin Tool Kit Click here and download it now
April 17th, 2012 11:56pm

Does it a x64 system or a x86 system? Upload your dump file on skydrive & provide us link to check dmp file. Dhiraj
April 18th, 2012 12:34am

Hello, any ideas what could bre the problem here: Problem signature: Problem Event Name: BlueScreen OS Version: 6.1.7601.2.1.0.256.48 Locale ID: 4105 Additional information about the problem: BCCode: 1000007e BCP1: FFFFFFFFC0000005 BCP2: FFFFF88005A43CA1 BCP3: FFFFF880041F88E8 BCP4: FFFFF880041F8140 OS Version: 6_1_7601 Service Pack: 1_0 Product: 256_1 Files that help describe the problem: C:\Windows\Minidump\041812-19453-01.dmp C:\Users\Administrator\AppData\Local\Temp\WER-48921-0.sysdata.xml
Free Windows Admin Tool Kit Click here and download it now
April 18th, 2012 2:06am

same as mentioned above. can be get clue only from the dmp file. Dhiraj
April 18th, 2012 4:28am

0xd1: http://mikemstech.blogspot.com/2011/11/troubleshooting-0xd1.html -- Mike Burr Enterprise High Availability, Disaster Recovery, and Business Continuity Planning Learn to Troubleshoot Windows BSODs
Free Windows Admin Tool Kit Click here and download it now
April 18th, 2012 10:52am

for 0x7E: http://mikemstech.blogspot.com/2012/03/troubleshooting-0x7e.html -- Mike Burr Enterprise High Availability, Disaster Recovery, and Business Continuity Planning Learn to Troubleshoot Windows BSODs
April 18th, 2012 10:53am

It is a x64 system I believe. Here is the link: https://skydrive.live.com/redir.aspx?cid=897f98b5b753518c&resid=897F98B5B753518C!142&parid=897F98B5B753518C!130&authkey=!ALcEmL1q0IWm3d4 Thanks,
Free Windows Admin Tool Kit Click here and download it now
April 22nd, 2012 1:30pm

Error seems to be either from Display Driver or from DirectX component. you can try below. Update Display driver Install latest windows updates Run Memory disgnostics Dhiraj
April 23rd, 2012 5:41am

If problems continue consider re-seating both the video card and the physical RAM. Also, there appears to be an BIOS update for the motherboard (P8Z68-V PRO GEN3) which you could also consider applying.
Free Windows Admin Tool Kit Click here and download it now
April 24th, 2012 11:59pm

Gooday, My system's text; Problem signature Problem Event Name: BlueScreen OS Version: 6.1.7601.2.1.0.768.3 Locale ID: 1033 Extra information about the problem BCCode: 116 BCP1: 86F2F2C8 BCP2: 8DE10C26 BCP3: 00000000 BCP4: 00000002 OS Version: 6_1_7601 Service Pack: 1_0 Product: 768_1 Bucket ID: 0x116_TdrBCR:2_Tdr:2_IMAGE_atikmdag.sys Server information: 111069df-7236-45b4-9928-9143267d96a1
April 27th, 2012 5:49am

when i click a program blue screen comes up, dunno which program or someting termites it, can anyone help, here is dump file: https://skydrive.live.com/redir.aspx?cid=af3ba9874a14a989&resid=AF3BA9874A14A989!117&parid=root
Free Windows Admin Tool Kit Click here and download it now
May 2nd, 2012 4:30am

Hi dmrkn, The driver that appears to be causing the crash is the windrvNT.sys: BUCKET_ID: 0x8E_windrvNT+1703 The windrvNT.sys, which is dated May 10, 2004, appears to be a driver for Folder Lock. The process that crashed is the themaPoster.exe Can you try updating, or if necessary uninstall Folder Lock and see if the issue resolves? The same error was discussed in the following link: http://poster.freddy.lt/forum/viewtopic.php?f=4&t=1523 In that link McAfee appeared to be blamed however you are running Avast not McAfee. However if Avast has been recently updated and this problem just appeared recently Avast may be contributing to the problem.
May 2nd, 2012 6:19pm

Hi nze0704, The driver that appears to be at issue is the atikmdag.sys: Bucket ID: 0x116_TdrBCR:2_Tdr:2_IMAGE_atikmdag.sys More information on the error: http://technet.microsoft.com/en-us/query/ff557263 So try uninstalling the ATI video driver and reinstall the latest version available.
Free Windows Admin Tool Kit Click here and download it now
May 2nd, 2012 6:24pm

Help. BSOD and a dmp file at https://skydrive.live.com/redir.aspx?cid=ccd762c2c5f7689c&resid=CCD762C2C5F7689C!127&parid=CCD762C2C5F7689C!113&authkey=!AHU48VI2QdzCs6Q Any help is much appreciated. -Eric
May 2nd, 2012 10:20pm

You're the man auggy :) Deleted manually windrvNT.sys from system32 and it solved! Appreciated!
Free Windows Admin Tool Kit Click here and download it now
May 3rd, 2012 5:08am

You're welcome.
May 3rd, 2012 7:59am

Hi cawoodea, The minidump file showed a DRIVER_POWER_STATE_FAILURE (9f) stop error referencing the hpdskflt.sys: BugCheck 1000009F, {4, 258, fffffa8003b8b680, fffff80004d64510} Unable to load image \SystemRoot\system32\DRIVERS\hpdskflt.sys, Win32 error 0n2 *** WARNING: Unable to verify timestamp for hpdskflt.sys *** ERROR: Module load completed but symbols could not be loaded for hpdskflt.sys Probably caused by : umbus.sys The hpdskflt.sys is a driver for HP ProtectSmart Hard Drive Protection program. Can you try uninstalling the HP ProtectSmart Hard Drive Protection program and then install the latest version available for the laptop. There is the following version you could try: http://h10025.www1.hp.com/ewfrf/wc/softwareDownloadIndex?cc=us&lc=en&dlc=en&softwareitem=ob-96119-1
Free Windows Admin Tool Kit Click here and download it now
May 3rd, 2012 8:08am

This is great! I'll try to do this later today when I get home and will post back. At least now I feel like I have a fighting chance - Thanks Auggy!
May 3rd, 2012 9:17am

You're welcome, and good luck!
Free Windows Admin Tool Kit Click here and download it now
May 3rd, 2012 10:40pm

So I went to try an uninstall the HP ProtectSmart Hard Drive program and it wouldn't allow me too. So I googled how to do that and came up with this other link: http://www.techsupportforum.com/forums/f299/solved-usb-stops-working-bsod-on-win7-64-bit-486221.html that mentioned a WD SANS storage drive. Since I have a MyBookWorld Drive I decided to uninstall that and what do you know everything works again! I don't see the drive as one of my devices but I've mapped a drive to it and it works perfectly. I've also reinstalled AVG which I heard might have been the problem too. Hope this information might help someone else.
May 4th, 2012 7:57am

Glad to see you got it working. Thanks for the follow-up.
Free Windows Admin Tool Kit Click here and download it now
May 5th, 2012 1:37pm

Hi auggy... I have a blue screen error and I dont know what to do...cant load win 7 as when it booting... window 7 appear and the second I get into windows home page its boot up and blue screen appear here is the scan Version=1 EventType=BlueScreen EventTime=129809014641756645 ReportType=4 Consent=1 UploadTime=129809021251762889 ReportIdentifier=a6711860-988f-11e1-9a9f-eb38eba38a41 IntegratorReportIdentifier=050712-14274-01 Response.type=4 Response.AnalysisBucket=X64_0xA_epfwwfp+4cb6 DynamicSig[1].Name=OS Version DynamicSig[1].Value=6.1.7601.2.1.0.256.1 DynamicSig[2].Name=Locale ID DynamicSig[2].Value=3084 UI[2]=C:\Windows\system32\wer.dll UI[3]=Windows has recovered from an unexpected shutdown UI[4]=Windows can check online for a solution to the problem. UI[5]=&Check for solution UI[6]=&Check later UI[7]=Cancel UI[8]=Windows has recovered from an unexpected shutdown UI[9]=A problem caused Windows to stop working correctly. Windows will notify you if a solution is available. UI[10]=Close Sec[0].Key=BCCode Sec[0].Value=a Sec[1].Key=BCP1 Sec[1].Value=0000000000000000 Sec[2].Key=BCP2 Sec[2].Value=0000000000000002 Sec[3].Key=BCP3 Sec[3].Value=0000000000000001 Sec[4].Key=BCP4 Sec[4].Value=FFFFF80003048B7E Sec[5].Key=OS Version Sec[5].Value=6_1_7601 Sec[6].Key=Service Pack Sec[6].Value=1_0 Sec[7].Key=Product Sec[7].Value=256_1 State[0].Key=Transport.DoneStage1 State[0].Value=1 State[1].Key=CA State[1].Value=1 State[2].Key=BLOB State[2].Value=CHKSUM=840E63557B6B49F1D50A9D7D9DBF1A62;BID=OCATAG;ID=30e02513-ae8a-458e-9483-9c70c45c5a38;SUB=5//7//2012 3:08:55 PM File[0].CabName=050712-14274-01.dmp File[0].Path=050712-14274-01.dmp File[0].Flags=851970 File[0].Type=2 File[0].Original.Path=C:\Windows\Minidump\050712-14274-01.dmp File[1].CabName=sysdata.xml File[1].Path=WER-27690-0.sysdata.xml File[1].Flags=851970 File[1].Type=5 File[1].Original.Path=C:\Users\Moz\AppData\Local\Temp\WER-27690-0.sysdata.xml File[2].CabName=WERInternalMetadata.xml File[2].Path=WERA6C9.tmp.WERInternalMetadata.xml File[2].Flags=589827 File[2].Type=5 File[2].Original.Path=C:\Users\Moz\AppData\Local\Temp\WERA6C9.tmp.WERInternalMetadata.xml File[3].CabName=Report.cab File[3].Path=Report.cab File[3].Flags=196608 File[3].Type=7 File[3].Original.Path=Report.cab FriendlyEventName=Shut down unexpectedly ConsentKey=BlueScreen AppName=Windows AppPath=C:\Windows\System32\WerFault.exe
May 7th, 2012 6:45pm

It may help to look at the minidump files from the crashes with a debugger. In Safe Mode can you zip up the minidump files in the C:\Windows\Minidump folder and then make available (provide link) via Windows Live SkyDrive or similar site? The following link has information on using Windows Live SkyDrive: http://social.technet.microsoft.com/Forums/en-US/w7itproui/thread/4fc10639-02db-4665-993a-08d865088d65 If you have problems zipping the minidump files copy the minidump files to another location such as a folder on the Desktop Also, you do not necessarily have to zip up the minidump files, you can upload them one at a time.
Free Windows Admin Tool Kit Click here and download it now
May 9th, 2012 11:12pm

Hey auggy, just wanted to say your help is very much appreciated, and would also very much like your help in finding out what is causing my BSOD here's what the dump file looks like http://i.imgur.com/l8eCt.png regards - Mo
June 9th, 2012 4:32am

Hi MomohLibya, Here is some good information on the error you received (Bug Check 0x124: WHEA_UNCORRECTABLE_ERROR): http://www.sevenforums.com/crash-lockup-debug-how/35349-stop-0x124-what-means-what-try.html Consider opening a a new topic on your issue if you need further help.
Free Windows Admin Tool Kit Click here and download it now
June 10th, 2012 10:56pm

Hello auggy! I have been experiencing a BSOD, the last 2 times has been when using a usb port (2 different ones) Could you have a look at the .dmp file for me? I couldn't figure out the windows sky drive so I just uploaded it to zippyshare. http://www15.zippyshare.com/v/75186865/file.html Thanks.
July 3rd, 2012 8:55am

Hi p_aull105, The minidump file showed a BAD_POOL_CALLER (c2) stop error caused by the stdriver64.sys: BUCKET_ID: X64_0xc2_7_Ala4_stdriver64+11d76 The stdriver64.sys is a SoundTap driver so try uninstalling SoundTap if it is installed The stdriver64.sys may also be a component of other sound related software. Consider opening a new topic on your issue if you need further help.
Free Windows Admin Tool Kit Click here and download it now
July 3rd, 2012 11:10am

Thanks auggy, I have Debut installed which is from NCH and uses the stdriver64.sys. This is an important program so I'll try updating or downgrading it to see if I can get a more stable version. For now I have moved the stdriver64.sys files out of the Debut install location in hopes that it might help. I'll also be using CCleaner professional to clean up my registry and see if that helps as well. Thanks.
July 4th, 2012 3:07am

You're welome.
Free Windows Admin Tool Kit Click here and download it now
July 4th, 2012 6:50am

So I'm on a fresh Windows install, everything seems to be working fine. First odd thing that happens is physical memory usage goes up to 97% and no processes were using anywhere near that amount (8gb). A restart fixed that issue, I've never had it before though. After some hours of normal use a video editing program seems to be running slower than it used to, then it blue screens saying IRQL_NOT_LESS_OR_EQUAL or something. Here is the .dmp file from that crash, if anyone could help tell me the cause and a possible solution I would appreciate it. http://www50.zippyshare.com/v/68932209/file.html
July 10th, 2012 7:33am

More about this error in general: http://mikemstech.blogspot.com/2011/11/how-to-troubleshoot-blue-screen-0xa.html The debugger indicates that this is likely due to the AVG Antivirus/Intrusion Detection System software. Based on the symbol information, the AVG driver is from 2011. I would recommend seeing if there are updates for AVG. Alternatively, if you let the subscription lapse, then you might want to fully uninstall AVG and install a different antivirus. 1: kd> !analyze -v ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* IRQL_NOT_LESS_OR_EQUAL (a) An attempt was made to access a pageable (or completely invalid) address at an interrupt request level (IRQL) that is too high. This is usually caused by drivers using improper addresses. If a kernel debugger is available get the stack backtrace. Arguments: Arg1: fffffa7fffffd010, memory referenced Arg2: 0000000000000002, IRQL Arg3: 0000000000000001, bitfield : bit 0 : value 0 = read operation, 1 = write operation bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status) Arg4: fffff80002d03efe, address which referenced memory Debugging Details: ------------------ WRITE_ADDRESS: GetPointerFromAddress: unable to read from fffff80002f0f100 fffffa7fffffd010 CURRENT_IRQL: 2 FAULTING_IP: nt!MiRemoveAnyPage+13e fffff800`02d03efe f0410fba6c241000 lock bts dword ptr [r12+10h],0 CUSTOMER_CRASH_COUNT: 1 DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT BUGCHECK_STR: 0xA PROCESS_NAME: explorer.exe TRAP_FRAME: fffff8800cf6d0b0 -- (.trap 0xfffff8800cf6d0b0) NOTE: The trap frame does not contain all registers. Some register values may be zeroed or incorrect. rax=0000000000000002 rbx=0000000000000000 rcx=0000000000000002 rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000 rip=fffff80002d03efe rsp=fffff8800cf6d240 rbp=fffff8800cf6d280 r8=0000000000000000 r9=0000000000000000 r10=0000000000000000 r11=0000000000000000 r12=0000000000000000 r13=0000000000000000 r14=0000000000000000 r15=0000000000000000 iopl=0 nv up ei pl zr na po nc nt!MiRemoveAnyPage+0x13e: fffff800`02d03efe f0410fba6c241000 lock bts dword ptr [r12+10h],0 ds:792b:00000000`00000010=???????? Resetting default scope LAST_CONTROL_TRANSFER: from fffff80002cdf769 to fffff80002ce01c0 STACK_TEXT: fffff880`0cf6cf68 fffff800`02cdf769 : 00000000`0000000a fffffa7f`ffffd010 00000000`00000002 00000000`00000001 : nt!KeBugCheckEx fffff880`0cf6cf70 fffff800`02cde3e0 : fffffa80`06f10e90 fffffa80`06cc9930 00000000`00000001 00000000`00000029 : nt!KiBugCheckDispatch+0x69 fffff880`0cf6d0b0 fffff800`02d03efe : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiPageFault+0x260 fffff880`0cf6d240 fffff800`02c9f8b0 : fa8008ca`0c3004c0 00000000`00000000 00000000`00000052 00000000`00000000 : nt!MiRemoveAnyPage+0x13e fffff880`0cf6d360 fffff800`02f7839a : fffffa80`08997cd0 fffffa80`00000001 fffffa80`08997cd0 00000000`00000005 : nt!MiPfPutPagesInTransition+0x7c7 fffff880`0cf6d4d0 fffff800`02cce57d : fffffa80`08997cd0 00000003`1bb9f000 00000000`0005d000 00000000`0031bb9f : nt!MmPrefetchForCacheManager+0x8e fffff880`0cf6d520 fffff800`02fc5a00 : 00000000`00000000 00000003`1bb9f794 fffffa80`0855db20 00000000`30b4c020 : nt!CcFetchDataForRead+0x17d fffff880`0cf6d580 fffff880`0124d730 : fffff8a0`00000000 00000000`00000005 fffff8a0`0002086c fffff800`02cf6201 : nt!CcCopyRead+0x180 fffff880`0cf6d640 fffff880`0124dda3 : fffff8a0`0c450c70 fffff8a0`0c450c70 fffff880`0cf6d870 fffff880`0cf6d768 : Ntfs!NtfsCachedRead+0x180 fffff880`0cf6d6a0 fffff880`0124fa68 : fffffa80`07599580 fffffa80`09d6cc10 fffff880`0cf6d801 fffffa80`07a0d900 : Ntfs!NtfsCommonRead+0x583 fffff880`0cf6d840 fffff880`010c1bcf : fffffa80`09d6cfb0 fffffa80`09d6cc10 fffffa80`07a0d9d0 00000000`00000001 : Ntfs!NtfsFsdRead+0x1b8 fffff880`0cf6d8f0 fffff880`010c06df : fffffa80`08b3ac90 00000000`00000001 fffffa80`08b3ac00 fffffa80`09d6cc10 : fltmgr!FltpLegacyProcessingAfterPreCallbacksCompleted+0x24f fffff880`0cf6d980 fffff880`05473b88 : 00000000`00000000 00000000`30b4c020 00000000`00000001 fffffa80`09c03060 : fltmgr!FltpDispatch+0xcf fffff880`0cf6d9e0 00000000`00000000 : 00000000`30b4c020 00000000`00000001 fffffa80`09c03060 fffffa80`0855db20 : AVGIDSFilter+0x1b88 STACK_COMMAND: kb FOLLOWUP_IP: AVGIDSFilter+1b88 fffff880`05473b88 ?? ??? SYMBOL_STACK_INDEX: d SYMBOL_NAME: AVGIDSFilter+1b88 FOLLOWUP_NAME: MachineOwner MODULE_NAME: AVGIDSFilter IMAGE_NAME: AVGIDSFilter.Sys DEBUG_FLR_IMAGE_TIMESTAMP: 4e1a2991 FAILURE_BUCKET_ID: X64_0xA_AVGIDSFilter+1b88 BUCKET_ID: X64_0xA_AVGIDSFilter+1b88 Followup: MachineOwner --------- 1: kd> lmvm AVGIDSFilter start end module name fffff880`05472000 fffff880`0547d000 AVGIDSFilter T (no symbols) Loaded symbol image file: AVGIDSFilter.Sys Image path: \SystemRoot\system32\DRIVERS\AVGIDSFilter.Sys Image name: AVGIDSFilter.Sys Timestamp: Sun Jul 10 16:37:05 2011 (4E1A2991) CheckSum: 0000D913 ImageSize: 0000B000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
Free Windows Admin Tool Kit Click here and download it now
July 10th, 2012 9:35pm

Ah, I just recently got AVG 2012, might have to change now. What anti virus/ general protection would you recommend? Thank you very much for looking at my problem I appreciate it alot :)
July 11th, 2012 1:25am

Hey Auggy, I used WinDbg to view my crash dump, the "probable" cause of the crash is ataport.sys. I'm not sure if this is correct or not, but I get the BSOD at least once a day. I installed SIW and fixed many of the more important problems, but am still getting the crashes. I don't know if rolling back an ATA driver is the best idea, so I haven't tried it myself, I just want to double check before I start playing around with my port drivers.
Free Windows Admin Tool Kit Click here and download it now
August 25th, 2012 6:44am

Hi TreAbernathy, I would suggest to run a scan with the following two applications to see if they pick anything up: TDSSKiller: http://support.kaspersky.com/faq/?qid=208283363 Malwarebytes Antimalware (free version) - do a "Full Scan": http://www.malwarebytes.org/products/malwarebytes_free If you need further help consider starting a new topic on the issue.
August 25th, 2012 7:00am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics