Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

BSOD 0x3B and 0x34


  • Please log in to reply
19 replies to this topic

#1 half_slice7

half_slice7

  • Members
  • 35 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Switzerland
  • Local time:05:21 PM

Posted 04 September 2014 - 08:05 AM

Hey guys

 

I think I need some help.

I'm struggling with a HP EliteBook Folio 1040 G1 notebook, on which I get different blue screens (Win7 Enterprise x64).

 

Does anybody have an idea, what's causing this issues?

 

 

073114-4882-01.dmp

Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [D:\MiniDump\073114-4882-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*C:\Windows\symbol_cache*http://msdl.microsoft.com/download/symbols
Executable search path is: 
Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.18409.amd64fre.win7sp1_gdr.140303-2144
Machine Name:
Kernel base = 0xfffff800`02e4d000 PsLoadedModuleList = 0xfffff800`03090890
Debug session time: Thu Jul 31 11:38:15.651 2014 (UTC + 2:00)
System Uptime: 0 days 22:04:26.461
Loading Kernel Symbols
...............................................................
................................................................
..................................................
Loading User Symbols
Loading unloaded module list
..................................
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 3B, {c0000005, fffff88004b8cc60, fffff8800bb1bc60, 0}

Probably caused by : dxgmms1.sys ( dxgmms1!VidMmTerminateAllocation+144 )

Followup: MachineOwner
---------

2: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

SYSTEM_SERVICE_EXCEPTION (3b)
An exception happened while executing a system service routine.
Arguments:
Arg1: 00000000c0000005, Exception code that caused the bugcheck
Arg2: fffff88004b8cc60, Address of the instruction which caused the bugcheck
Arg3: fffff8800bb1bc60, Address of the context record for the exception that caused the bugcheck
Arg4: 0000000000000000, zero.

Debugging Details:
------------------


EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - Die Anweisung in 0x%08lx verweist auf Speicher 0x%08lx. Der Vorgang %s konnte nicht im Speicher durchgef hrt werden.

FAULTING_IP: 
dxgmms1!VidMmTerminateAllocation+144
fffff880`04b8cc60 4c8ba938010000  mov     r13,qword ptr [rcx+138h]

CONTEXT:  fffff8800bb1bc60 -- (.cxr 0xfffff8800bb1bc60)
rax=fffff8a009c719b1 rbx=fffffa800a79e000 rcx=820300050101010d
rdx=0000000000000000 rsi=fffff8a00b4ad140 rdi=fffffa8011c99270
rip=fffff88004b8cc60 rsp=fffff8800bb1c640 rbp=fffffa80110fb350
 r8=0000000000000000  r9=0000000000000000 r10=fffff88003165a60
r11=fffff8a01557e430 r12=fffff8a00b4ad140 r13=fffff88004ab4a08
r14=0000000000000001 r15=0000000000000001
iopl=0         nv up ei pl zr na po nc
cs=0010  ss=0018  ds=002b  es=002b  fs=0053  gs=002b             efl=00010246
dxgmms1!VidMmTerminateAllocation+0x144:
fffff880`04b8cc60 4c8ba938010000  mov     r13,qword ptr [rcx+138h] ds:002b:82030005`01010245=????????????????
Resetting default scope

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

BUGCHECK_STR:  0x3B

PROCESS_NAME:  chrome.exe

CURRENT_IRQL:  0

LAST_CONTROL_TRANSFER:  from 0000000000000000 to fffff88004b8cc60

STACK_TEXT:  
fffff880`0bb1c640 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : dxgmms1!VidMmTerminateAllocation+0x144


FOLLOWUP_IP: 
dxgmms1!VidMmTerminateAllocation+144
fffff880`04b8cc60 4c8ba938010000  mov     r13,qword ptr [rcx+138h]

SYMBOL_STACK_INDEX:  0

SYMBOL_NAME:  dxgmms1!VidMmTerminateAllocation+144

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: dxgmms1

IMAGE_NAME:  dxgmms1.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  51fa16de

STACK_COMMAND:  .cxr 0xfffff8800bb1bc60 ; kb

FAILURE_BUCKET_ID:  X64_0x3B_dxgmms1!VidMmTerminateAllocation+144

BUCKET_ID:  X64_0x3B_dxgmms1!VidMmTerminateAllocation+144

Followup: MachineOwner
---------

082114-5756-01.dmp

Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [D:\MiniDump\082114-5756-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*C:\Windows\symbol_cache*http://msdl.microsoft.com/download/symbols
Executable search path is: 
Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.18409.amd64fre.win7sp1_gdr.140303-2144
Machine Name:
Kernel base = 0xfffff800`02e61000 PsLoadedModuleList = 0xfffff800`030a4890
Debug session time: Thu Aug 21 09:05:26.725 2014 (UTC + 2:00)
System Uptime: 1 days 13:11:52.005
Loading Kernel Symbols
...............................................................
................................................................
...................................................
Loading User Symbols
Loading unloaded module list
..................................................
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 34, {50853, fffff880033854f8, fffff88003384d50, fffff8000300a123}

Probably caused by : ntkrnlmp.exe ( nt!ExFreePoolWithTag+43 )

Followup: MachineOwner
---------

3: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

CACHE_MANAGER (34)
    See the comment for FAT_FILE_SYSTEM (0x23)
Arguments:
Arg1: 0000000000050853
Arg2: fffff880033854f8
Arg3: fffff88003384d50
Arg4: fffff8000300a123

Debugging Details:
------------------


EXCEPTION_RECORD:  fffff880033854f8 -- (.exr 0xfffff880033854f8)
ExceptionAddress: fffff8000300a123 (nt!ExFreePoolWithTag+0x0000000000000043)
   ExceptionCode: c0000005 (Access violation)
  ExceptionFlags: 00000000
NumberParameters: 2
   Parameter[0]: 0000000000000000
   Parameter[1]: 00000000000000a1
Attempt to read from address 00000000000000a1

CONTEXT:  fffff88003384d50 -- (.cxr 0xfffff88003384d50)
rax=0000000000000000 rbx=fffffa800e9d6eb8 rcx=00000000000000b1
rdx=0000000000000000 rsi=0000000000000001 rdi=fffffa800e9d6e70
rip=fffff8000300a123 rsp=fffff88003385730 rbp=fffff88003385968
 r8=0000000000000000  r9=000000000043f000 r10=00000000ffffffff
r11=00000000fffffff9 r12=0000000000000000 r13=00000000000000b1
r14=00000000000002fd r15=0000000000000001
iopl=0         nv up ei pl nz na po nc
cs=0010  ss=0018  ds=002b  es=002b  fs=0053  gs=002b             efl=00210206
nt!ExFreePoolWithTag+0x43:
fffff800`0300a123 418b45f0        mov     eax,dword ptr [r13-10h] ds:002b:00000000`000000a1=????????
Resetting default scope

CUSTOMER_CRASH_COUNT:  1

PROCESS_NAME:  System

CURRENT_IRQL:  0

ERROR_CODE: (NTSTATUS) 0xc0000005 - Die Anweisung in 0x%08lx verweist auf Speicher 0x%08lx. Der Vorgang %s konnte nicht im Speicher durchgef hrt werden.

EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - Die Anweisung in 0x%08lx verweist auf Speicher 0x%08lx. Der Vorgang %s konnte nicht im Speicher durchgef hrt werden.

EXCEPTION_PARAMETER1:  0000000000000000

EXCEPTION_PARAMETER2:  00000000000000a1

READ_ADDRESS: GetPointerFromAddress: unable to read from fffff8000310e100
 00000000000000a1 

FOLLOWUP_IP: 
nt!ExFreePoolWithTag+43
fffff800`0300a123 418b45f0        mov     eax,dword ptr [r13-10h]

FAULTING_IP: 
nt!ExFreePoolWithTag+43
fffff800`0300a123 418b45f0        mov     eax,dword ptr [r13-10h]

BUGCHECK_STR:  0x34

DEFAULT_BUCKET_ID:  NULL_CLASS_PTR_DEREFERENCE

LAST_CONTROL_TRANSFER:  from fffff80002eb3e10 to fffff8000300a123

STACK_TEXT:  
fffff880`03385730 fffff800`02eb3e10 : 00000000`00000000 00000000`00004000 00000000`00000000 00000000`00004441 : nt!ExFreePoolWithTag+0x43
fffff880`033857e0 fffff800`02eea48a : 00000000`ffffffff fffff880`03385968 00000000`00000001 fffff8a0`003be210 : nt!ExDeleteResourceLite+0x190
fffff880`03385840 fffff800`02ebbbff : fffffa80`074d7930 fffff880`03385968 00000000`00000001 fffffa80`074d7930 : nt!CcUnpinFileDataEx+0x3fa
fffff880`033858c0 fffff800`02f1783b : 00000000`0082fb75 fffff880`03385b18 00000000`00004000 00000000`00000000 : nt!CcReleaseByteRangeFromWrite+0xa7
fffff880`03385910 fffff800`02f1b136 : fffffa80`074ecb90 fffffa80`00000001 fffff880`00000001 00000000`00004000 : nt!CcFlushCache+0x64b
fffff880`03385a10 fffff800`02f1baf8 : fffff880`00000000 fffff880`03385b18 fffffa80`09f44470 fffff800`030ddad8 : nt!CcWriteBehind+0x1c6
fffff880`03385ac0 fffff800`02ee0261 : fffffa80`06d40160 fffff800`031cdc01 fffff800`030ddae0 fffffa80`00000003 : nt!CcWorkerThread+0x1c8
fffff880`03385b70 fffff800`0317273a : 00000000`00000000 fffffa80`06cfd660 00000000`00000080 fffffa80`06cd4040 : nt!ExpWorkerThread+0x111
fffff880`03385c00 fffff800`02ec78e6 : fffff880`031d7180 fffffa80`06cfd660 fffff880`031e1fc0 00000000`00000000 : nt!PspSystemThreadStartup+0x5a
fffff880`03385c40 00000000`00000000 : fffff880`03386000 fffff880`03380000 fffff880`03384b30 00000000`00000000 : nt!KiStartSystemThread+0x16


SYMBOL_STACK_INDEX:  0

SYMBOL_NAME:  nt!ExFreePoolWithTag+43

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: nt

IMAGE_NAME:  ntkrnlmp.exe

DEBUG_FLR_IMAGE_TIMESTAMP:  531590fb

STACK_COMMAND:  .cxr 0xfffff88003384d50 ; kb

FAILURE_BUCKET_ID:  X64_0x34_nt!ExFreePoolWithTag+43

BUCKET_ID:  X64_0x34_nt!ExFreePoolWithTag+43

Followup: MachineOwner
---------

082814-5662-01.dmp

Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [D:\MiniDump\082814-5662-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*C:\Windows\symbol_cache*http://msdl.microsoft.com/download/symbols
Executable search path is: 
Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.18409.amd64fre.win7sp1_gdr.140303-2144
Machine Name:
Kernel base = 0xfffff800`02e57000 PsLoadedModuleList = 0xfffff800`0309a890
Debug session time: Thu Aug 28 14:39:56.482 2014 (UTC + 2:00)
System Uptime: 1 days 5:20:53.007
Loading Kernel Symbols
...............................................................
................................................................
.....................................................
Loading User Symbols
Loading unloaded module list
....................
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 34, {50853, fffff8800339a4f8, fffff88003399d50, fffff80003000123}

Probably caused by : ntkrnlmp.exe ( nt!ExFreePoolWithTag+43 )

Followup: MachineOwner
---------

2: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

CACHE_MANAGER (34)
    See the comment for FAT_FILE_SYSTEM (0x23)
Arguments:
Arg1: 0000000000050853
Arg2: fffff8800339a4f8
Arg3: fffff88003399d50
Arg4: fffff80003000123

Debugging Details:
------------------


EXCEPTION_RECORD:  fffff8800339a4f8 -- (.exr 0xfffff8800339a4f8)
ExceptionAddress: fffff80003000123 (nt!ExFreePoolWithTag+0x0000000000000043)
   ExceptionCode: c0000005 (Access violation)
  ExceptionFlags: 00000000
NumberParameters: 2
   Parameter[0]: 0000000000000000
   Parameter[1]: 00000000000000a1
Attempt to read from address 00000000000000a1

CONTEXT:  fffff88003399d50 -- (.cxr 0xfffff88003399d50)
rax=0000000000000000 rbx=fffffa800da09058 rcx=00000000000000b1
rdx=0000000000000000 rsi=0000000000000001 rdi=fffffa800da09010
rip=fffff80003000123 rsp=fffff8800339a730 rbp=fffff8800339a968
 r8=0000000000000000  r9=0000000000000000 r10=fffff80003107a80
r11=0000000000435000 r12=0000000000000000 r13=00000000000000b1
r14=00000000000002fd r15=0000000000000001
iopl=0         nv up ei pl nz na po nc
cs=0010  ss=0018  ds=002b  es=002b  fs=0053  gs=002b             efl=00010206
nt!ExFreePoolWithTag+0x43:
fffff800`03000123 418b45f0        mov     eax,dword ptr [r13-10h] ds:002b:00000000`000000a1=????????
Resetting default scope

CUSTOMER_CRASH_COUNT:  1

PROCESS_NAME:  System

CURRENT_IRQL:  0

ERROR_CODE: (NTSTATUS) 0xc0000005 - Die Anweisung in 0x%08lx verweist auf Speicher 0x%08lx. Der Vorgang %s konnte nicht im Speicher durchgef hrt werden.

EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - Die Anweisung in 0x%08lx verweist auf Speicher 0x%08lx. Der Vorgang %s konnte nicht im Speicher durchgef hrt werden.

EXCEPTION_PARAMETER1:  0000000000000000

EXCEPTION_PARAMETER2:  00000000000000a1

READ_ADDRESS: GetPointerFromAddress: unable to read from fffff80003104100
 00000000000000a1 

FOLLOWUP_IP: 
nt!ExFreePoolWithTag+43
fffff800`03000123 418b45f0        mov     eax,dword ptr [r13-10h]

FAULTING_IP: 
nt!ExFreePoolWithTag+43
fffff800`03000123 418b45f0        mov     eax,dword ptr [r13-10h]

BUGCHECK_STR:  0x34

DEFAULT_BUCKET_ID:  NULL_CLASS_PTR_DEREFERENCE

LAST_CONTROL_TRANSFER:  from fffff80002ea9e10 to fffff80003000123

STACK_TEXT:  
fffff880`0339a730 fffff800`02ea9e10 : 00000000`00000000 00000000`00001000 00000000`00000000 00000000`00000434 : nt!ExFreePoolWithTag+0x43
fffff880`0339a7e0 fffff800`02ee048a : 00000000`ffffffff fffff880`0339a968 00000000`00000001 fffff8a0`003ea1a8 : nt!ExDeleteResourceLite+0x190
fffff880`0339a840 fffff800`02eb1bff : fffffa80`075fc910 fffff880`0339a968 00000000`00000001 fffffa80`075fc910 : nt!CcUnpinFileDataEx+0x3fa
fffff880`0339a8c0 fffff800`02f0d83b : 00000000`0067576f fffff880`0339ab18 00000000`00001000 00000000`00000000 : nt!CcReleaseByteRangeFromWrite+0xa7
fffff880`0339a910 fffff800`02f11136 : fffffa80`074b1840 fffffa80`00000001 fffffa80`00000001 fffffa80`00001000 : nt!CcFlushCache+0x64b
fffff880`0339aa10 fffff800`02f11af8 : fffff880`00000000 fffff880`0339ab18 fffffa80`09b4a4a0 fffff800`030d3ad8 : nt!CcWriteBehind+0x1c6
fffff880`0339aac0 fffff800`02ed6261 : fffffa80`06cfa190 fffff800`031c3c01 fffff800`030d3ae0 fffffa80`00000002 : nt!CcWorkerThread+0x1c8
fffff880`0339ab70 fffff800`0316873a : 00000000`00000000 fffffa80`06cedb50 00000000`00000080 fffffa80`06cd4040 : nt!ExpWorkerThread+0x111
fffff880`0339ac00 fffff800`02ebd8e6 : fffff880`031d7180 fffffa80`06cedb50 fffff880`031e1fc0 00000000`00000000 : nt!PspSystemThreadStartup+0x5a
fffff880`0339ac40 00000000`00000000 : fffff880`0339b000 fffff880`03395000 fffff880`03399d60 00000000`00000000 : nt!KiStartSystemThread+0x16


SYMBOL_STACK_INDEX:  0

SYMBOL_NAME:  nt!ExFreePoolWithTag+43

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: nt

IMAGE_NAME:  ntkrnlmp.exe

DEBUG_FLR_IMAGE_TIMESTAMP:  531590fb

STACK_COMMAND:  .cxr 0xfffff88003399d50 ; kb

FAILURE_BUCKET_ID:  X64_0x34_nt!ExFreePoolWithTag+43

BUCKET_ID:  X64_0x34_nt!ExFreePoolWithTag+43

Followup: MachineOwner
---------

090414-4929-01.dmp

Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [D:\MiniDump\090414-4929-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*C:\Windows\symbol_cache*http://msdl.microsoft.com/download/symbols
Executable search path is: 
Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.18409.amd64fre.win7sp1_gdr.140303-2144
Machine Name:
Kernel base = 0xfffff800`02e4f000 PsLoadedModuleList = 0xfffff800`03092890
Debug session time: Thu Sep  4 09:29:44.095 2014 (UTC + 2:00)
System Uptime: 0 days 15:10:01.000
Loading Kernel Symbols
...............................................................
................................................................
..................................................
Loading User Symbols
Loading unloaded module list
................
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 1E, {ffffffffc0000005, fffff80002ed30d8, 0, ffffffffffffffff}

Probably caused by : ntkrnlmp.exe ( nt!KiTryUnwaitThread+28 )

Followup: MachineOwner
---------

2: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

KMODE_EXCEPTION_NOT_HANDLED (1e)
This is a very common bugcheck.  Usually the exception address pinpoints
the driver/function that caused the problem.  Always note this address
as well as the link date of the driver/image that contains this address.
Arguments:
Arg1: ffffffffc0000005, The exception code that was not handled
Arg2: fffff80002ed30d8, The address that the exception occurred at
Arg3: 0000000000000000, Parameter 0 of the exception
Arg4: ffffffffffffffff, Parameter 1 of the exception

Debugging Details:
------------------


EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - Die Anweisung in 0x%08lx verweist auf Speicher 0x%08lx. Der Vorgang %s konnte nicht im Speicher durchgef hrt werden.

FAULTING_IP: 
nt!KiTryUnwaitThread+28
fffff800`02ed30d8 f0480fba6b4000  lock bts qword ptr [rbx+40h],0

EXCEPTION_PARAMETER1:  0000000000000000

EXCEPTION_PARAMETER2:  ffffffffffffffff

READ_ADDRESS: GetPointerFromAddress: unable to read from fffff800030fc100
 ffffffffffffffff 

ERROR_CODE: (NTSTATUS) 0xc0000005 - Die Anweisung in 0x%08lx verweist auf Speicher 0x%08lx. Der Vorgang %s konnte nicht im Speicher durchgef hrt werden.

BUGCHECK_STR:  0x1E_c0000005

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

PROCESS_NAME:  System

CURRENT_IRQL:  2

LAST_CONTROL_TRANSFER:  from fffff80002f0f738 to fffff80002ec4bc0

STACK_TEXT:  
fffff880`03ad1ff8 fffff800`02f0f738 : 00000000`0000001e ffffffff`c0000005 fffff800`02ed30d8 00000000`00000000 : nt!KeBugCheckEx
fffff880`03ad2000 fffff800`02ec4242 : fffff880`03ad27d8 00fffffa`8006cd40 fffff880`03ad2880 fffffa80`071d9b58 : nt! ?? ::FNODOBFM::`string'+0x487ed
fffff880`03ad26a0 fffff800`02ec2b4a : 00000000`00000000 00000000`00000000 00000000`00000001 fffffa80`075be030 : nt!KiExceptionDispatch+0xc2
fffff880`03ad2880 fffff800`02ed30d8 : 00000000`00000000 fffff800`02e816e3 fffff800`0306a280 fffffa80`071d9b50 : nt!KiGeneralProtectionFault+0x10a
fffff880`03ad2a10 fffff800`02ea41b6 : fffffa80`071d9b50 b0fffffa`80071d9b fffffa80`071d9b58 00000000`00000000 : nt!KiTryUnwaitThread+0x28
fffff880`03ad2a70 fffff800`03199f08 : 00000000`00000000 00000000`00000000 00000000`00000000 fffffa80`071d9b50 : nt!KeTerminateThread+0x32e
fffff880`03ad2af0 fffff800`0319a431 : 00000000`00000000 fffff800`03160700 00000000`00000000 00000000`00000000 : nt!PspExitThread+0x418
fffff880`03ad2bf0 fffff800`02eb58e6 : fffff880`03165180 00000000`00000080 fffffa80`071d9b50 00000000`00000000 : nt!PspTerminateThreadByPointer+0x4d
fffff880`03ad2c40 00000000`00000000 : fffff880`03ad3000 fffff880`03acd000 fffff880`03ad28a0 00000000`00000000 : nt!KiStartSystemThread+0x16


STACK_COMMAND:  kb

FOLLOWUP_IP: 
nt!KiTryUnwaitThread+28
fffff800`02ed30d8 f0480fba6b4000  lock bts qword ptr [rbx+40h],0

SYMBOL_STACK_INDEX:  4

SYMBOL_NAME:  nt!KiTryUnwaitThread+28

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: nt

IMAGE_NAME:  ntkrnlmp.exe

DEBUG_FLR_IMAGE_TIMESTAMP:  531590fb

FAILURE_BUCKET_ID:  X64_0x1E_c0000005_nt!KiTryUnwaitThread+28

BUCKET_ID:  X64_0x1E_c0000005_nt!KiTryUnwaitThread+28

Followup: MachineOwner
---------

The first one is showing something about dxgmms1.sys --> DirectX?

The other ones ntkrnlmp.exe

 

The drivers and BIOS are up to date.

 

 

Any suggestions about my problem?

 

Thanks in advance

Attached Files


"Everyone has a plan 'till they get punched in the mouth."

- Mike Tyson 

BC AdBot (Login to Remove)

 


#2 hamluis

hamluis

    Moderator


  • Moderator
  • 56,124 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:11:21 AM

Posted 04 September 2014 - 08:39 AM

Please download MiniToolBox  , save it to your desktop and run it.
 
Checkmark the following checkboxes:
  List last 10 Event Viewer log
  List Installed Programs
  List Users, Partitions and Memory size.
 
Click Go and paste the content into your next post.
 
Also...please Publish a Snapshot using Speccy - http://www.bleepingcomputer.com/forums/topic323892.html/page__p__1797792#entry1797792 , taking care to post the link of the snapshot in your next post.
 
Louis



#3 half_slice7

half_slice7
  • Topic Starter

  • Members
  • 35 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Switzerland
  • Local time:05:21 PM

Posted 04 September 2014 - 09:57 AM

Hmmm, ok.... It's not my notebook, so I can't do this now.

Maybe tomorrow I have access to the device. So I will let you know...


"Everyone has a plan 'till they get punched in the mouth."

- Mike Tyson 

#4 half_slice7

half_slice7
  • Topic Starter

  • Members
  • 35 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Switzerland
  • Local time:05:21 PM

Posted 05 September 2014 - 06:10 AM

OK, here we go:
 
Speccy Link: 
http://speccy.piriform.com/results/yNJPmtVwsMdtXXLhgVkAgRB
 
MiniToolBox:
MiniToolBox by Farbar Version: 21-07-2014
Ran by jsu (administrator) on 05-09-2014 at 12:26:36
Running from "C:\Users\Jsu\AppData\Local\Temp\Temp1_Tools.zip"
Microsoft Windows 7 Enterprise Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Event log errors: ===============================

Application errors:
==================
Error: (09/05/2014 09:27:42 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (09/05/2014 09:29:46 AM) (Source: Microsoft-Windows-GroupPolicy) (User: SAGECH)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.

Error: (09/05/2014 09:28:10 AM) (Source: Microsoft-Windows-GroupPolicy) (User: NT AUTHORITY)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.

Error: (09/05/2014 09:27:43 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (09/05/2014 09:27:42 AM) (Source: NETLOGON) (User: )
Description: This computer was not able to set up a secure session with a domain
controller in domain SAGECH due to the following:
%%1311.  This may lead to authentication problems. Make sure that this
computer is connected to the network. If the problem persists,
please contact your domain administrator.
ADDITIONAL INFO:  If this computer is a domain controller for the specified domain, it
sets up the secure session to the primary domain controller emulator in the specified
domain. Otherwise, this computer sets up the secure session to any domain controller
in the specified domain.

Error: (09/05/2014 09:27:41 AM) (Source: BugCheck) (User: )
Description: 0x0000009f (0x0000000000000003, 0xfffffa800a71cbf0, 0xfffff80000ba2748, 0xfffffa801226fc60)C:\Windows\MEMORY.DMP090514-5038-01

Error: (09/05/2014 09:27:41 AM) (Source: EventLog) (User: )
Description: The previous system shutdown at 09:11:52 on ‎05.‎09.‎2014 was unexpected.

Error: (09/04/2014 02:37:31 PM) (Source: NETLOGON) (User: )
Description: This computer was not able to set up a secure session with a domain
controller in domain SAGECH due to the following:
%%1311  This may lead to authentication problems. Make sure that this
computer is connected to the network. If the problem persists,
please contact your domain administrator.
ADDITIONAL INFO  If this computer is a domain controller for the specified domain, it
sets up the secure session to the primary domain controller emulator in the specified
domain. Otherwise, this computer sets up the secure session to any domain controller
in the specified domain.

Microsoft Office Sessions:
=========================
Error: (09/05/2014 09:27:42 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

=========================== Installed Programs ============================
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
Alcor Micro Smart Card Reader Driver (HKLM-x32\...\SZCCID) (Version: 1.7.39.0 - Alcor Micro Corp.)
Alcor Micro Smart Card Reader Driver (x32 Version: 1.7.39.0 - Alcor Micro Corp.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.17 - Piriform)
Cisco Jabber Video for TelePresence (HKLM-x32\...\{083E119D-B926-4F0E-9FDA-FF0035D09CA1}) (Version: 4.7.4.17771 - Cisco Systems, Inc.)
Cisco WebEx Meetings (HKLM-x32\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC)
Citrix Access Gateway Plug-in (HKLM\...\{D788EC57-DCFA-4EED-852A-C6D71EF58925}) (Version: 10.1.123.9 - Citrix Systems, Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Definition Update for Microsoft Office 2013 (KB2760587) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{65480649-2AA6-4C5C-AAE8-DB35335D98A7}) (Version: - Microsoft)
Definition Update for Microsoft Office 2013 (KB2760587) 32-Bit Edition (HKLM-x32\...\{90150000-003B-0000-0000-0000000FF1CE}_Office15.PRJPRO_{65480649-2AA6-4C5C-AAE8-DB35335D98A7}) (Version: - Microsoft)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.103 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
HP ESU for Microsoft Windows 7 (HKLM-x32\...\{240B2BF7-E7E6-425C-A2A4-A3149189BF7F}) (Version: 2.3.1 - Hewlett-Packard Company)
HP HD Webcam Driver (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.9200.10251 - Realtek Semiconductor Corp.)
HP Hotkey Support (HKLM-x32\...\{53C48A27-4079-49EB-8E73-76BA85D2BF6F}) (Version: 5.0.24.1 - Hewlett-Packard Company)
HP SoftPaq Download Manager (HKLM-x32\...\{68E1C9E9-1606-49AF-9978-573148CED9E4}) (Version: 3.5.3.0 - Hewlett-Packard Company)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6499.0 - IDT)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.24.1790 - Intel Corporation)
Intel® Network Connections Drivers (HKLM\...\PROSet) (Version: 19.0 - Intel)
Intel® PRO/Wireless Driver (Version: 16.11.0000.1482 - Intel Corporation) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3540 - Intel Corporation)
Intel® PROSet/Wireless Software for Bluetooth® Technology(patch version 3.0.1337.1) (HKLM\...\{302600C1-6BDF-4FD1-1307-148929CC1385}) (Version: 3.1.1307.0366 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.6.1000 - Intel Corporation)
Intel® Rapid Storage Technology (Version: 12.8.6.1000 - Intel Corporation) Hidden
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.3.34 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{8e41467d-297e-496d-8b0f-e771b6c87c06}) (Version: 16.11.0 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (Version: 16.10.0.0307 - Intel Corporation) Hidden
Intel® Trusted Connect Service Client (Version: 1.31.8.1 - Intel Corporation) Hidden
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden
LinkedIn Outlook Connector (HKLM-x32\...\LinkedIn Outlook Connector) (Version: 1.1.10.0 - LinkedIn)
MergeModule_x64 (Version: 8.0.00 - Sony Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Access MUI (English) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Access Setup Metadata MUI (English) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft DCF MUI (English) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Excel MUI (English) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Groove MUI (English) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft InfoPath MUI (English) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Lync MUI (English) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office 64-bit Components 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Korrekturhilfen 2013 - Deutsch (HKLM-x32\...\{90150000-001F-0407-0000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Office OSM MUI (English) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office OSM UX MUI (English) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2013 (HKLM-x32\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - English (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - Español (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.3.1171.0714 - Microsoft Corporation)
Microsoft OneNote MUI (English) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Outlook MUI (English) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft PowerPoint MUI (English) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Project MUI (English) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Project Professional 2013 (HKLM-x32\...\Office15.PRJPRO) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Project Professional 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Publisher MUI (English) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Word MUI (English) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Moveslink2 (HKCU\...\ad9740b1426036fe) (Version: 1.2.9.4693 - Suunto)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
NXPProximityInstaller (HKLM-x32\...\NXPProximityInstaller) (Version: 2.65100.10422.40 - NXP Semiconductors)
Outils de vérification linguistique 2013 de Microsoft Office - Français (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.3 - pdfforge)
Photo Gallery (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
PlayMemories Home (HKLM-x32\...\{6F26A633-ACC2-4850-82C5-60A06D606175}) (Version: 3.1.20.06241 - Sony Corporation)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.273.43 - Realtek Semiconductor Corp.)
SafeHouse 3.07 Professional Edition (HKLM-x32\...\SafeHouse16) (Version: 3.07.94.0 - PC Dynamics)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{7F6C4883-A18C-459A-82C1-A2F9403F2DA6}) (Version: - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM-x32\...\{90150000-003B-0000-0000-0000000FF1CE}_Office15.PRJPRO_{115B7592-B71D-4C27-AB34-34268FB199CA}) (Version: - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (x32 Version: - Microsoft) Hidden
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.105 - Skype Technologies S.A.)
SnagIt 8 (HKLM-x32\...\{93699C3E-005E-4294-87CA-F5B7DE2CD687}) (Version: 8.0.2 - TechSmith Corporation)
SOHLib for PlayMemories Home (Version: 1.0.3.02170 - Sony Corporation) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.18.23 - Synaptics Incorporated)
Trend Micro OfficeScan Client (HKLM-x32\...\OfficeScanNT) (Version: 10.5 - Trend Micro)
Update for Microsoft Excel 2013 (KB2881085) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{122B0E69-64AF-41BE-B3F6-D387A7E7E687}) (Version: - Microsoft)
Update for Microsoft Excel 2013 (KB2881085) 32-Bit Edition (HKLM-x32\...\{90150000-0016-0409-0000-0000000FF1CE}_Office15.PROPLUS_{122B0E69-64AF-41BE-B3F6-D387A7E7E687}) (Version: - Microsoft)
Update for Microsoft Excel 2013 (KB2881085) 32-Bit Edition (HKLM-x32\...\{90150000-0018-0409-0000-0000000FF1CE}_Office15.PROPLUS_{122B0E69-64AF-41BE-B3F6-D387A7E7E687}) (Version: - Microsoft)
Update for Microsoft Excel 2013 (KB2881085) 32-Bit Edition (HKLM-x32\...\{90150000-001B-0409-0000-0000000FF1CE}_Office15.PROPLUS_{122B0E69-64AF-41BE-B3F6-D387A7E7E687}) (Version: - Microsoft)
Update for Microsoft Lync 2013 (KB2850074) 32-Bit Edition (HKLM-x32\...\{90150000-012B-0409-0000-0000000FF1CE}_Office15.PROPLUS_{A4EACEBA-1944-45DB-B547-8967AA7926B9}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2760344) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{A7610F07-E844-4444-8E1D-D5BC8AD0B4C5}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2760344) 32-Bit Edition (HKLM-x32\...\{90150000-003B-0000-0000-0000000FF1CE}_Office15.PRJPRO_{A7610F07-E844-4444-8E1D-D5BC8AD0B4C5}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2760544) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{45B7D395-EB9B-414F-9E46-5849B42326E2}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2768012) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{66421820-D3CA-450A-898C-78D7E40108E6}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2768012) 32-Bit Edition (HKLM-x32\...\{90150000-003B-0000-0000-0000000FF1CE}_Office15.PRJPRO_{66421820-D3CA-450A-898C-78D7E40108E6}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2817302) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{1644D7F6-90EE-4252-8884-18E4E330529D}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2817302) 32-Bit Edition (HKLM-x32\...\{90150000-0016-0409-0000-0000000FF1CE}_Office15.PROPLUS_{1644D7F6-90EE-4252-8884-18E4E330529D}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2826040) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{B7EA8070-C37F-4617-82F4-52CF3304595A}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2826040) 32-Bit Edition (HKLM-x32\...\{90150000-003B-0000-0000-0000000FF1CE}_Office15.PRJPRO_{B7EA8070-C37F-4617-82F4-52CF3304595A}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2837644) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{9BC5FF1D-9626-44D7-BC7F-EB44BD8BDB9F}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2863843) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{AD7045B8-1D75-4B4C-8120-12F045D206C7}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2863843) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0000-1000-0000000FF1CE}_Office15.PRJPRO_{AD7045B8-1D75-4B4C-8120-12F045D206C7}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2863843) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0000-1000-0000000FF1CE}_Office15.PROPLUS_{AD7045B8-1D75-4B4C-8120-12F045D206C7}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2880457) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{D27F6360-AE1E-4C8C-8ECD-C0375E20B923}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2880457) 32-Bit Edition (HKLM-x32\...\{90150000-003B-0000-0000-0000000FF1CE}_Office15.PRJPRO_{D27F6360-AE1E-4C8C-8ECD-C0375E20B923}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2880462) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{5D6439FF-D651-4B13-B52E-2508AB9DE19D}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2880462) 32-Bit Edition (HKLM-x32\...\{90150000-003B-0000-0000-0000000FF1CE}_Office15.PRJPRO_{5D6439FF-D651-4B13-B52E-2508AB9DE19D}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2880462) 32-Bit Edition (HKLM-x32\...\{90150000-006E-0409-0000-0000000FF1CE}_Office15.PRJPRO_{5D6439FF-D651-4B13-B52E-2508AB9DE19D}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2880462) 32-Bit Edition (HKLM-x32\...\{90150000-006E-0409-0000-0000000FF1CE}_Office15.PROPLUS_{5D6439FF-D651-4B13-B52E-2508AB9DE19D}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2880464) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{06EF2BF7-7351-4D70-A0D5-588FCCF9808D}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2880464) 32-Bit Edition (HKLM-x32\...\{90150000-003B-0000-0000-0000000FF1CE}_Office15.PRJPRO_{06EF2BF7-7351-4D70-A0D5-588FCCF9808D}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2880478) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{7C5CEE0F-6823-4BB7-A28F-76FEC14EB6AC}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2880478) 32-Bit Edition (HKLM-x32\...\{90150000-003B-0000-0000-0000000FF1CE}_Office15.PRJPRO_{7C5CEE0F-6823-4BB7-A28F-76FEC14EB6AC}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2880987) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{07017577-FBD6-45E2-A796-659E8F428057}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2880987) 32-Bit Edition (HKLM-x32\...\{90150000-003B-0000-0000-0000000FF1CE}_Office15.PRJPRO_{07017577-FBD6-45E2-A796-659E8F428057}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2880987) 32-Bit Edition (HKLM-x32\...\{90150000-006E-0409-0000-0000000FF1CE}_Office15.PRJPRO_{07017577-FBD6-45E2-A796-659E8F428057}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2880987) 32-Bit Edition (HKLM-x32\...\{90150000-006E-0409-0000-0000000FF1CE}_Office15.PROPLUS_{07017577-FBD6-45E2-A796-659E8F428057}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2881035) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{01B80B63-C638-4004-9148-75B8C8518B1E}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2881035) 32-Bit Edition (HKLM-x32\...\{90150000-0016-0409-0000-0000000FF1CE}_Office15.PROPLUS_{01B80B63-C638-4004-9148-75B8C8518B1E}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2881035) 32-Bit Edition (HKLM-x32\...\{90150000-0090-0409-0000-0000000FF1CE}_Office15.PROPLUS_{01B80B63-C638-4004-9148-75B8C8518B1E}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2881074) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{B23AED0C-4813-4B49-9870-2F0968824E87}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2881074) 32-Bit Edition (HKLM-x32\...\{90150000-003B-0000-0000-0000000FF1CE}_Office15.PRJPRO_{B23AED0C-4813-4B49-9870-2F0968824E87}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2881084) 32-Bit Edition (HKLM-x32\...\{90150000-001F-0409-0000-0000000FF1CE}_Office15.PRJPRO_{56962EB1-4DD3-48BB-934B-EA4C4516D89A}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2881084) 32-Bit Edition (HKLM-x32\...\{90150000-001F-0409-0000-0000000FF1CE}_Office15.PROPLUS_{56962EB1-4DD3-48BB-934B-EA4C4516D89A}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2881084) 32-Bit Edition (HKLM-x32\...\{90150000-001F-040C-0000-0000000FF1CE}_Office15.PRJPRO_{63AED158-0508-4738-A811-840B2053EF3B}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2881084) 32-Bit Edition (HKLM-x32\...\{90150000-001F-040C-0000-0000000FF1CE}_Office15.PROPLUS_{63AED158-0508-4738-A811-840B2053EF3B}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2881084) 32-Bit Edition (HKLM-x32\...\{90150000-001F-0C0A-0000-0000000FF1CE}_Office15.PRJPRO_{23073850-B916-414F-9204-AB0512524A6A}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2881084) 32-Bit Edition (HKLM-x32\...\{90150000-001F-0C0A-0000-0000000FF1CE}_Office15.PROPLUS_{23073850-B916-414F-9204-AB0512524A6A}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2881086) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{02DB183E-6F67-4906-A391-325874C5DA87}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2881086) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0000-1000-0000000FF1CE}_Office15.PRJPRO_{02DB183E-6F67-4906-A391-325874C5DA87}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2881086) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0000-1000-0000000FF1CE}_Office15.PROPLUS_{02DB183E-6F67-4906-A391-325874C5DA87}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2881086) 32-Bit Edition (HKLM-x32\...\{90150000-003B-0000-0000-0000000FF1CE}_Office15.PRJPRO_{02DB183E-6F67-4906-A391-325874C5DA87}) (Version: - Microsoft)
Update for Microsoft OneDrive for Business (KB2881087) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{FC6618D2-F75D-4FDD-B396-E4B0C0D757B6}) (Version: - Microsoft)
Update for Microsoft OneDrive for Business (KB2881087) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0000-1000-0000000FF1CE}_Office15.PRJPRO_{FC6618D2-F75D-4FDD-B396-E4B0C0D757B6}) (Version: - Microsoft)
Update for Microsoft OneDrive for Business (KB2881087) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0000-1000-0000000FF1CE}_Office15.PROPLUS_{FC6618D2-F75D-4FDD-B396-E4B0C0D757B6}) (Version: - Microsoft)
Update for Microsoft OneDrive for Business (KB2881087) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0409-1000-0000000FF1CE}_Office15.PRJPRO_{FC6618D2-F75D-4FDD-B396-E4B0C0D757B6}) (Version: - Microsoft)
Update for Microsoft OneDrive for Business (KB2881087) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0409-1000-0000000FF1CE}_Office15.PROPLUS_{FC6618D2-F75D-4FDD-B396-E4B0C0D757B6}) (Version: - Microsoft)
Update for Microsoft OneDrive for Business (KB2881087) 32-Bit Edition (HKLM-x32\...\{90150000-00BA-0409-0000-0000000FF1CE}_Office15.PROPLUS_{FC6618D2-F75D-4FDD-B396-E4B0C0D757B6}) (Version: - Microsoft)
Update for Microsoft OneNote 2013 (KB2881082) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{CA0F0611-10FB-47D4-A642-E3BABCC73393}) (Version: - Microsoft)
Update for Microsoft OneNote 2013 (KB2881082) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0000-1000-0000000FF1CE}_Office15.PRJPRO_{CA0F0611-10FB-47D4-A642-E3BABCC73393}) (Version: - Microsoft)
Update for Microsoft OneNote 2013 (KB2881082) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0000-1000-0000000FF1CE}_Office15.PROPLUS_{CA0F0611-10FB-47D4-A642-E3BABCC73393}) (Version: - Microsoft)
Update for Microsoft OneNote 2013 (KB2881082) 32-Bit Edition (HKLM-x32\...\{90150000-00A1-0409-0000-0000000FF1CE}_Office15.PROPLUS_{CA0F0611-10FB-47D4-A642-E3BABCC73393}) (Version: - Microsoft)
Update for Microsoft Outlook 2013 (KB2880470) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{1BCA67A6-5329-48D0-A088-C097AC7A14BD}) (Version: - Microsoft)
Update for Microsoft Outlook 2013 (KB2880470) 32-Bit Edition (HKLM-x32\...\{90150000-001A-0409-0000-0000000FF1CE}_Office15.PROPLUS_{1BCA67A6-5329-48D0-A088-C097AC7A14BD}) (Version: - Microsoft)
Update for Microsoft Outlook 2013 (KB2880470) 32-Bit Edition (HKLM-x32\...\{90150000-003B-0000-0000-0000000FF1CE}_Office15.PRJPRO_{1BCA67A6-5329-48D0-A088-C097AC7A14BD}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2013 (KB2881075) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{15033648-0DAB-4BE8-B84B-D1139BD0563F}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2013 (KB2881075) 32-Bit Edition (HKLM-x32\...\{90150000-0018-0409-0000-0000000FF1CE}_Office15.PROPLUS_{15033648-0DAB-4BE8-B84B-D1139BD0563F}) (Version: - Microsoft)
Update for Microsoft Publisher 2013 (KB2880999) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{7500AD77-83C6-400B-8B2F-F8E401A7B697}) (Version: - Microsoft)
Update for Microsoft Publisher 2013 (KB2880999) 32-Bit Edition (HKLM-x32\...\{90150000-0019-0409-0000-0000000FF1CE}_Office15.PROPLUS_{7500AD77-83C6-400B-8B2F-F8E401A7B697}) (Version: - Microsoft)
Update for Microsoft Visio Viewer 2013 (KB2817301) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{25C61889-2E44-4BE1-9E96-9364BFDCF501}) (Version: - Microsoft)
Update for Microsoft Visio Viewer 2013 (KB2817301) 32-Bit Edition (HKLM-x32\...\{90150000-003B-0000-0000-0000000FF1CE}_Office15.PRJPRO_{25C61889-2E44-4BE1-9E96-9364BFDCF501}) (Version: - Microsoft)
Update for Microsoft Visio Viewer 2013 (KB2817301) 32-Bit Edition (HKLM-x32\...\{90150000-006E-0409-0000-0000000FF1CE}_Office15.PRJPRO_{25C61889-2E44-4BE1-9E96-9364BFDCF501}) (Version: - Microsoft)
Update for Microsoft Visio Viewer 2013 (KB2817301) 32-Bit Edition (HKLM-x32\...\{90150000-006E-0409-0000-0000000FF1CE}_Office15.PROPLUS_{25C61889-2E44-4BE1-9E96-9364BFDCF501}) (Version: - Microsoft)
Update for Microsoft Word 2013 (KB2878319) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{A7CD05CC-CA85-428C-91FD-74A908D126E1}) (Version: - Microsoft)
Update for Microsoft Word 2013 (KB2881080) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{2C43B8B8-09A1-4D09-B4B9-B247A7348D75}) (Version: - Microsoft)
Update for Microsoft Word 2013 (KB2881080) 32-Bit Edition (HKLM-x32\...\{90150000-001A-0409-0000-0000000FF1CE}_Office15.PROPLUS_{2C43B8B8-09A1-4D09-B4B9-B247A7348D75}) (Version: - Microsoft)
Update for Microsoft Word 2013 (KB2881080) 32-Bit Edition (HKLM-x32\...\{90150000-001B-0409-0000-0000000FF1CE}_Office15.PROPLUS_{2C43B8B8-09A1-4D09-B4B9-B247A7348D75}) (Version: - Microsoft)
Update for Microsoft Word 2013 (KB2881080) 32-Bit Edition (HKLM-x32\...\{90150000-012B-0409-0000-0000000FF1CE}_Office15.PROPLUS_{2C43B8B8-09A1-4D09-B4B9-B247A7348D75}) (Version: - Microsoft)
WebEx Productivity Tools (HKLM-x32\...\{B6FD3928-D7FB-42F5-8707-CE6648361184}) (Version: 2.32.1209.17492 - Cisco WebEx LLC)
Windows Live Communications Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
XING Outlook Connector (HKLM\...\{88C6AE1C-E020-4198-85B1-406B346EA11A}) (Version: 2.2.0 - XING)

========================= Memory info: ===================================
Percentage of memory in use: 32%
Total physical RAM: 8089.11 MB
Available physical RAM: 5445.23 MB
Total Pagefile: 16176.4 MB
Available Pagefile: 13000.7 MB
Total Virtual: 4095.88 MB
Available Virtual: 3980.98 MB

========================= Partitions: =====================================
1 Drive c: () (Fixed) (Total:238.37 GB) (Free:147.15 GB) NTFS

========================= Users: ========================================
User accounts for \\CHNBOP-L01296

Administrator Guest

**** End of log ****


Edited by hamluis, 05 September 2014 - 11:22 AM.

"Everyone has a plan 'till they get punched in the mouth."

- Mike Tyson 

#5 hamluis

hamluis

    Moderator


  • Moderator
  • 56,124 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:11:21 AM

Posted 05 September 2014 - 11:45 AM

22 Jul 2014 install of Windows, no critical updates since then.

 

See Info Re Domain Connection Errors In Event Viewer .

 

The first set of data you posted...goes back 2 months and are not reflected in recent system problems.  I can't tell you anything about such data...the system might have corrected itself, changes may have been made, and so on.  If the errors don't appear in Event Viewer...IMO, they are not worth worrying about.  All BSODs will generate an Event Viewer entry.

 

Louis



#6 Jared44

Jared44

  • BSOD Kernel Dump Expert
  • 205 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Dronfield
  • Local time:05:21 PM

Posted 06 September 2014 - 07:46 AM

Okay, so we have multiple different dump files here.

BugCheck 3B, {c0000005, fffff88004b8cc60, fffff8800bb1bc60, 0}

Here we can see an access violation occurred, meaning memory being referenced couldn't be understood by the CPU as it was either nonexistant, it didn't reside within the process' address space (user mode) or read only memory was accessed.

rax=fffff8a009c719b1 rbx=fffffa800a79e000 rcx=820300050101010d
rdx=0000000000000000 rsi=fffff8a00b4ad140 rdi=fffffa8011c99270
rip=fffff88004b8cc60 rsp=fffff8800bb1c640 rbp=fffffa80110fb350
 r8=0000000000000000  r9=0000000000000000 r10=fffff88003165a60
r11=fffff8a01557e430 r12=fffff8a00b4ad140 r13=fffff88004ab4a08
r14=0000000000000001 r15=0000000000000001
iopl=0         nv up ei pl zr na po nc
cs=0010  ss=0018  ds=002b  es=002b  fs=0053  gs=002b             efl=00010246
dxgmms1!VidMmTerminateAllocation+0x144:
fffff880`04b8cc60 4c8ba938010000  mov     r13,qword ptr [rcx+138h] ds:002b:82030005`01010245=????????????????

So the DirectX MMS terminated an allocation by moving pointers to a different address, an address which was calculated by adding the value of the rcx register and 138, this results in a memory write to 82030005`01010245 which we can see isn't allowed.

2: kd> !pte 82030005`01010245
                                           VA 8203000501010245
PXE at FFFFF6FB7DBED000    PPE at FFFFF6FB7DA000A0    PDE at FFFFF6FB40014040    PTE at FFFFF68002808080
Unable to get PXE FFFFF6FB7DBED000
WARNING: noncanonical VA, accesses will fault !

The address is valid but any attempt to access it will result in a fail and an access violation which will bring down the system as it would be unexpected.

 

--------------------------------

BugCheck 34, {50853, fffff8800339a4f8, fffff88003399d50, fffff80003000123}

This bugcheck indicates the cache manager found a fatal error.

3: kd> .cxr 0xfffff88003384d50;r
rax=0000000000000000 rbx=fffffa800e9d6eb8 rcx=00000000000000b1
rdx=0000000000000000 rsi=0000000000000001 rdi=fffffa800e9d6e70
rip=fffff8000300a123 rsp=fffff88003385730 rbp=fffff88003385968
 r8=0000000000000000  r9=000000000043f000 r10=00000000ffffffff
r11=00000000fffffff9 r12=0000000000000000 r13=00000000000000b1
r14=00000000000002fd r15=0000000000000001
iopl=0         nv up ei pl nz na po nc
cs=0010  ss=0018  ds=002b  es=002b  fs=0053  gs=002b             efl=00210206
nt!ExFreePoolWithTag+0x43:
fffff800`0300a123 418b45f0        mov     eax,dword ptr [r13-10h] ds:002b:00000000`000000a1=????????

So we had a move command which would store the contents of r13 - 10 to the eax register, there appears to be a bad pointer being used which is why a memory read occurred on 0xa1 which is clearly an invalid address.

 

We can take a look into this a different way.

3: kd> .exr 0xfffff880033854f8
ExceptionAddress: fffff8000300a123 (nt!ExFreePoolWithTag+0x0000000000000043)
   ExceptionCode: c0000005 (Access violation)
  ExceptionFlags: 00000000
NumberParameters: 2
   Parameter[0]: 0000000000000000
   Parameter[1]: 00000000000000a1
Attempt to read from address 00000000000000a1

So a driver tried to free it's allocation which resulted in an access violation as it tried to read an address which was invalid.

 

-------------------------

BugCheck 1E, {ffffffffc0000005, fffff80002ed30d8, 0, ffffffffffffffff}

In this last dump file we see a Kernel mode exception wasn't handled, an access violation again.

 

This seems to be a thread holding a spinlock and it's trying to release it yet failing to do so.

2: kd> kv
Child-SP          RetAddr           : Args to Child                                                           : Call Site
fffff880`03ad1ff8 fffff800`02f0f738 : 00000000`0000001e ffffffff`c0000005 fffff800`02ed30d8 00000000`00000000 : nt!KeBugCheckEx
fffff880`03ad2000 fffff800`02ec4242 : fffff880`03ad27d8 00fffffa`8006cd40 fffff880`03ad2880 fffffa80`071d9b58 : nt! ?? ::FNODOBFM::`string'+0x487ed
fffff880`03ad26a0 fffff800`02ec2b4a : 00000000`00000000 00000000`00000000 00000000`00000001 fffffa80`075be030 : nt!KiExceptionDispatch+0xc2
fffff880`03ad2880 fffff800`02ed30d8 : 00000000`00000000 fffff800`02e816e3 fffff800`0306a280 fffffa80`071d9b50 : nt!KiGeneralProtectionFault+0x10a (TrapFrame @ fffff880`03ad2880)
fffff880`03ad2a10 fffff800`02ea41b6 : fffffa80`071d9b50 b0fffffa`80071d9b fffffa80`071d9b58 00000000`00000000 : nt!KiTryUnwaitThread+0x28
fffff880`03ad2a70 fffff800`03199f08 : 00000000`00000000 00000000`00000000 00000000`00000000 fffffa80`071d9b50 : nt!KeTerminateThread+0x32e
fffff880`03ad2af0 fffff800`0319a431 : 00000000`00000000 fffff800`03160700 00000000`00000000 00000000`00000000 : nt!PspExitThread+0x418
fffff880`03ad2bf0 fffff800`02eb58e6 : fffff880`03165180 00000000`00000080 fffffa80`071d9b50 00000000`00000000 : nt!PspTerminateThreadByPointer+0x4d
fffff880`03ad2c40 00000000`00000000 : fffff880`03ad3000 fffff880`03acd000 fffff880`03ad28a0 00000000`00000000 : nt!KxStartSystemThread+0x16

So here we see a system thread being terminated, I believe the psp prefix is for process support which makes sense in that the process i trying to terminate a thread within itself.

The Kernel then tries to terminate the thread but it seems to be trying to release a spinlock, a thread cannot be terminated when holding a spinlock so it must remove the wait state first.

2: kd> .trap fffff880`03ad2880
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000001 rbx=0000000000000000 rcx=fffff88003165180
rdx=fffffa80071d9bb1 rsi=0000000000000000 rdi=0000000000000000
rip=fffff80002ed30d8 rsp=fffff88003ad2a10 rbp=b0fffffa80071d9b
 r8=0000000000000100  r9=0000000000000000 r10=0000000000000004
r11=fffff88003ad2ae0 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0         nv up ei pl zr na po nc
nt!KiTryUnwaitThread+0x28:
fffff800`02ed30d8 f0480fba6b4000  lock bts qword ptr [rbx+40h],0 ds:00000000`00000040=????????????????

Okay so we generated an access violation by writing to 0x40when holding the spinlock which is an invalid address, this caused the bugcheck so it seems we're dealing with a bad driver.

 

I suggest enabling Driver Verifier as it seems a driver is causing issues.

 

What is Driver Verifier?

Driver Verifier monitors Windows kernel-mode drivers, graphics drivers, and even 3rd party drivers to detect illegal function calls or actions that might corrupt the system. Driver Verifier can subject the Windows drivers to a variety of stresses and tests to find improper behavior.

Essentially, if there's a 3rd party driver believed to be causing the issues at hand, enabling Driver Verifier will help us see which specific driver is causing the problem.

Before enabling Driver Verifier, it is recommended to create a System Restore Point:

Vista - START | type rstrui - create a restore point
Windows 7 - START | type create | select "Create a Restore Point"

How to enable Driver Verifier:

Start > type "verifier" without the quotes > Select the following options -

1. Select - "Create custom settings (for code developers)"
2. Select - "Select individual settings from a full list"
3. Check the following boxes -
- Special Pool
- Pool Tracking
- Force IRQL Checking
- Deadlock Detection
- Security Checks (Windows 7 & 8/8.1)
- DDI compliance checking (Windows 8/8.1)
- Miscellaneous Checks
4. Select - "Select driver names from a list"
5. Click on the "Provider" tab. This will sort all of the drivers by the provider.
6. Check EVERY box that is NOT provided by Microsoft / Microsoft Corporation.
7. Click on Finish.
8. Restart.

Important information regarding Driver Verifier:

- If Driver Verifier finds a violation, the system will BSOD. To expand on this a bit more for the interested, specifically what Driver Verifier actually does is it looks for any driver making illegal function calls, causing memory leaks, etc. When and/if this happens, system corruption occurs if allowed to continue. When Driver Verifier is enabled per my instructions above, it is monitoring all 3rd party drivers (as we have it set that way) and when it catches a driver attempting to do this, it will quickly flag that driver as being a troublemaker, and bring down the system safely before any corruption can occur.

- After enabling Driver Verifier and restarting the system, depending on the culprit, if for example the driver is on start-up, you may not be able to get back into normal Windows because Driver Verifier will detect it in violation almost straight away, and as stated above, that will cause / force a BSOD.

If this happens, do not panic, do the following:

- Boot into Safe Mode by repeatedly tapping the F8 key during boot-up.

- Once in Safe Mode - Start > Search > type "cmd" without the quotes.

- To turn off Driver Verifier, type in cmd "verifier /reset" without the quotes.
 Restart and boot into normal Windows.

If your OS became corrupt or you cannot boot into Windows after disabling verifier via Safe Mode:

- Boot into Safe Mode by repeatedly tapping the F8 key during boot-up.

- Once in Safe Mode - Start > type "system restore" without the quotes.

- Choose the restore point you created earlier.

-- Note that Safe Mode for Windows 8/8.1 is a bit different, and you may need to try different methods: 5 Ways to Boot into Safe Mode in Windows 8 & Windows 8.1

How long should I keep Driver Verifier enabled for?

I recommend keeping it enabled for at least 24 hours. If you don't BSOD by then, disable Driver Verifier. I will usually say whether or not I'd like for you to keep it enabled any longer.

My system BSOD'd with Driver Verifier enabled, where can I find the crash dumps?

- If you have the system set to generate Small Memory Dumps, they will be located in %systemroot%\Minidump.

- If you have the system set to generate Kernel-Memory Dumps, it will be located in %systemroot% and labeled MEMORY.DMP.



#7 half_slice7

half_slice7
  • Topic Starter

  • Members
  • 35 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Switzerland
  • Local time:05:21 PM

Posted 06 September 2014 - 03:33 PM

OK, thank you both. I will try enabling the driver verification an see what will happen.

I will do this later next week, and let you know....

 

Thanks


"Everyone has a plan 'till they get punched in the mouth."

- Mike Tyson 

#8 half_slice7

half_slice7
  • Topic Starter

  • Members
  • 35 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Switzerland
  • Local time:05:21 PM

Posted 10 September 2014 - 04:52 AM

OK. I have enabled the verifier, and have now already a BSOD. Windows has booted, and a few seconds / minutes later the system crashed.

I have attached the dump-file. Can you take a look please?

 

Thank you


Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [D:\MiniDump\JJ\Minidump\Verifier\091014-6754-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*C:\Windows\symbol_cache*http://msdl.microsoft.com/download/symbols
Executable search path is: 
Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.18409.amd64fre.win7sp1_gdr.140303-2144
Machine Name:
Kernel base = 0xfffff800`02e0b000 PsLoadedModuleList = 0xfffff800`0304e890
Debug session time: Wed Sep 10 10:43:55.011 2014 (UTC + 2:00)
System Uptime: 0 days 0:05:22.306
Loading Kernel Symbols
...............................................................
................................................................
....................................................
Loading User Symbols
Loading unloaded module list
........
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck C4, {1001, fffffa800b912190, fffffa800e295e00, 0}

Unable to load image \SystemRoot\system32\DRIVERS\NETwsw02.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for NETwsw02.sys
*** ERROR: Module load completed but symbols could not be loaded for NETwsw02.sys
Probably caused by : NETwsw02.sys ( NETwsw02+13869 )

Followup: MachineOwner
---------

0: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

DRIVER_VERIFIER_DETECTED_VIOLATION (c4)
A device driver attempting to corrupt the system has been caught.  This is
because the driver was specified in the registry as being suspect (by the
administrator) and the kernel has enabled substantial checking of this driver.
If the driver attempts to corrupt the system, bugchecks 0xC4, 0xC1 and 0xA will
be among the most commonly seen crashes.
Arguments:
Arg1: 0000000000001001, Verifier predicted potential deadlock.
Arg2: fffffa800b912190, Lock address.
Arg3: fffffa800e295e00, Verifier internal data.
Arg4: 0000000000000000

Debugging Details:
------------------


BUGCHECK_STR:  0xc4_1001

DRIVER_DEADLOCK: Deadlock detection not initialized 

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  VERIFIER_ENABLED_VISTA_MINIDUMP

PROCESS_NAME:  LMS.exe

CURRENT_IRQL:  2

LAST_CONTROL_TRANSFER:  from fffff8000330d4ec to fffff80002e80bc0

STACK_TEXT:  
fffff800`00ba15e8 fffff800`0330d4ec : 00000000`000000c4 00000000`00001001 fffffa80`0b912190 fffffa80`0e295e00 : nt!KeBugCheckEx
fffff800`00ba15f0 fffff800`0330e6d8 : fffff880`05828869 fffffa80`0b912190 00000000`00000000 fffffa80`0e295e00 : nt!VerifierBugCheckIfAppropriate+0x3c
fffff800`00ba1630 fffff800`03316e53 : fffffa80`06c71000 fffffa80`0e295e28 fffff800`0330c270 00000000`00000000 : nt!ViDeadlockReportIssue+0x38
fffff800`00ba1670 fffff800`0331ae3b : fffffa80`0b912190 fffffa80`0ba19b68 00000000`00000001 00000000`00000000 : nt!ViDeadlockAnalyze+0x203
fffff800`00ba16d0 fffff800`03324cef : fffffa80`0b912190 fffffa80`0bc89002 fffff800`00ba1840 00000000`00000000 : nt!VfDeadlockAcquireResource+0x3ab
fffff800`00ba17d0 fffff880`05828869 : 00000000`80000000 fffffa80`07bec000 fffff880`05a28900 00000000`00000004 : nt!VerifierKeAcquireSpinLockRaiseToDpc+0x11f
fffff800`00ba1830 00000000`80000000 : fffffa80`07bec000 fffff880`05a28900 00000000`00000004 fffffa80`10b53600 : NETwsw02+0x13869
fffff800`00ba1838 fffffa80`07bec000 : fffff880`05a28900 00000000`00000004 fffffa80`10b53600 00000000`00000001 : 0x80000000
fffff800`00ba1840 fffff880`05a28900 : 00000000`00000004 fffffa80`10b53600 00000000`00000001 fffff880`0582b563 : 0xfffffa80`07bec000
fffff800`00ba1848 00000000`00000004 : fffffa80`10b53600 00000000`00000001 fffff880`0582b563 fffff800`02e58d12 : NETwsw02+0x213900
fffff800`00ba1850 fffffa80`10b53600 : 00000000`00000001 fffff880`0582b563 fffff800`02e58d12 fffff800`00ba2060 : 0x4
fffff800`00ba1858 00000000`00000001 : fffff880`0582b563 fffff800`02e58d12 fffff800`00ba2060 fffff800`00ba1a20 : 0xfffffa80`10b53600
fffff800`00ba1860 fffff880`0582b563 : fffff800`02e58d12 fffff800`00ba2060 fffff800`00ba1a20 fffff800`00ba18e0 : 0x1
fffff800`00ba1868 fffff800`02e58d12 : fffff800`00ba2060 fffff800`00ba1a20 fffff800`00ba18e0 00000058`00000008 : NETwsw02+0x16563
fffff800`00ba1870 fffff800`02eee907 : 00000000`80000000 fffff800`00ba1ad0 fffff800`00ba1ab0 00000000`00000004 : nt!RtlpLookupFunctionEntryForStackWalks+0x32
fffff800`00ba18e0 fffff800`00ba1b30 : 00000000`00000001 fffff880`05884de7 fffffa80`07bec000 fffff800`00ba1a60 : nt! ?? ::FNODOBFM::`string'+0x2f1aa
fffff800`00ba1950 00000000`00000001 : fffff880`05884de7 fffffa80`07bec000 fffff800`00ba1a60 fffffa80`0bc89000 : 0xfffff800`00ba1b30
fffff800`00ba1958 fffff880`05884de7 : fffffa80`07bec000 fffff800`00ba1a60 fffffa80`0bc89000 fffff800`02e58d12 : 0x1
fffff800`00ba1960 fffffa80`07bec000 : fffff800`00ba1a60 fffffa80`0bc89000 fffff800`02e58d12 fffff800`00ba2140 : NETwsw02+0x6fde7
fffff800`00ba1968 fffff800`00ba1a60 : fffffa80`0bc89000 fffff800`02e58d12 fffff800`00ba2140 fffff800`00ba1b30 : 0xfffffa80`07bec000
fffff800`00ba1970 fffffa80`0bc89000 : fffff800`02e58d12 fffff800`00ba2140 fffff800`00ba1b30 fffff800`00ba19f0 : 0xfffff800`00ba1a60
fffff800`00ba1978 fffff800`02e58d12 : fffff800`00ba2140 fffff800`00ba1b30 fffff800`00ba19f0 00000000`00000000 : 0xfffffa80`0bc89000
fffff800`00ba1980 00000000`02f42376 : 00000042`000170f4 fffffa80`0b9ed870 fffff800`00000000 fffffa80`0bc89000 : nt!RtlpLookupFunctionEntryForStackWalks+0x32
fffff800`00ba19f0 00000042`000170f4 : fffffa80`0b9ed870 fffff800`00000000 fffffa80`0bc89000 00000000`00000000 : 0x2f42376
fffff800`00ba19f8 fffffa80`0b9ed870 : fffff800`00000000 fffffa80`0bc89000 00000000`00000000 fffff800`00ba1c00 : 0x42`000170f4
fffff800`00ba1a00 fffff800`00000000 : fffffa80`0bc89000 00000000`00000000 fffff800`00ba1c00 fffffa80`0b912190 : 0xfffffa80`0b9ed870
fffff800`00ba1a08 fffffa80`0bc89000 : 00000000`00000000 fffff800`00ba1c00 fffffa80`0b912190 00000000`00000000 : 0xfffff800`00000000
fffff800`00ba1a10 00000000`00000000 : fffff800`00ba1c00 fffffa80`0b912190 00000000`00000000 00000000`00000000 : 0xfffffa80`0bc89000


STACK_COMMAND:  kb

FOLLOWUP_IP: 
NETwsw02+13869
fffff880`05828869 ??              ???

SYMBOL_STACK_INDEX:  6

SYMBOL_NAME:  NETwsw02+13869

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: NETwsw02

IMAGE_NAME:  NETwsw02.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  52e7f842

FAILURE_BUCKET_ID:  X64_0xc4_1001_VRF_NETwsw02+13869

BUCKET_ID:  X64_0xc4_1001_VRF_NETwsw02+13869

Followup: MachineOwner
---------

Attached Files


"Everyone has a plan 'till they get punched in the mouth."

- Mike Tyson 

#9 Jared44

Jared44

  • BSOD Kernel Dump Expert
  • 205 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Dronfield
  • Local time:05:21 PM

Posted 10 September 2014 - 06:00 AM

This is very interesting, could I have a KErnel memory dump so I can have a poke around.

 

Right, as for the cause...

BugCheck C4, {1001, fffffa800b912190, fffffa800e295e00, 0}

So we have a 0xC4 because Driver Verifier found a violation and needed to bugcheck, the first parameter was a 0x1001 meaning something was about to cause a deadlock so the system bugchecks which is a good thing as a deadlock shows us nothing.

fffff800`00ba15e8 fffff800`0330d4ec : 00000000`000000c4 00000000`00001001 fffffa80`0b912190 fffffa80`0e295e00 : nt!KeBugCheckEx
fffff800`00ba15f0 fffff800`0330e6d8 : fffff880`05828869 fffffa80`0b912190 00000000`00000000 fffffa80`0e295e00 : nt!VerifierBugCheckIfAppropriate+0x3c
fffff800`00ba1630 fffff800`03316e53 : fffffa80`06c71000 fffffa80`0e295e28 fffff800`0330c270 00000000`00000000 : nt!ViDeadlockReportIssue+0x38
fffff800`00ba1670 fffff800`0331ae3b : fffffa80`0b912190 fffffa80`0ba19b68 00000000`00000001 00000000`00000000 : nt!ViDeadlockAnalyze+0x203
fffff800`00ba16d0 fffff800`03324cef : fffffa80`0b912190 fffffa80`0bc89002 fffff800`00ba1840 00000000`00000000 : nt!VfDeadlockAcquireResource+0x3ab
fffff800`00ba17d0 fffff880`05828869 : 00000000`80000000 fffffa80`07bec000 fffff880`05a28900 00000000`00000004 : nt!VerifierKeAcquireSpinLockRaiseToDpc+0x11f
fffff800`00ba1830 00000000`80000000 : fffffa80`07bec000 fffff880`05a28900 00000000`00000004 fffffa80`10b53600 : NETwsw02+0x13869
fffff800`00ba1838 fffffa80`07bec000 : fffff880`05a28900 00000000`00000004 fffffa80`10b53600 00000000`00000001 : 0x80000000
fffff800`00ba1840 fffff880`05a28900 : 00000000`00000004 fffffa80`10b53600 00000000`00000001 fffff880`0582b563 : 0xfffffa80`07bec000
fffff800`00ba1848 00000000`00000004 : fffffa80`10b53600 00000000`00000001 fffff880`0582b563 fffff800`02e58d12 : NETwsw02+0x213900
fffff800`00ba1850 fffffa80`10b53600 : 00000000`00000001 fffff880`0582b563 fffff800`02e58d12 fffff800`00ba2060 : 0x4
fffff800`00ba1858 00000000`00000001 : fffff880`0582b563 fffff800`02e58d12 fffff800`00ba2060 fffff800`00ba1a20 : 0xfffffa80`10b53600
fffff800`00ba1860 fffff880`0582b563 : fffff800`02e58d12 fffff800`00ba2060 fffff800`00ba1a20 fffff800`00ba18e0 : 0x1
fffff800`00ba1868 fffff800`02e58d12 : fffff800`00ba2060 fffff800`00ba1a20 fffff800`00ba18e0 00000058`00000008 : NETwsw02+0x16563
fffff800`00ba1870 fffff800`02eee907 : 00000000`80000000 fffff800`00ba1ad0 fffff800`00ba1ab0 00000000`00000004 : nt!RtlpLookupFunctionEntryForStackWalks+0x32
fffff800`00ba18e0 fffff800`00ba1b30 : 00000000`00000001 fffff880`05884de7 fffffa80`07bec000 fffff800`00ba1a60 : nt! ?? ::FNODOBFM::`string'+0x2f1aa
fffff800`00ba1950 00000000`00000001 : fffff880`05884de7 fffffa80`07bec000 fffff800`00ba1a60 fffffa80`0bc89000 : 0xfffff800`00ba1b30
fffff800`00ba1958 fffff880`05884de7 : fffffa80`07bec000 fffff800`00ba1a60 fffffa80`0bc89000 fffff800`02e58d12 : 0x1
fffff800`00ba1960 fffffa80`07bec000 : fffff800`00ba1a60 fffffa80`0bc89000 fffff800`02e58d12 fffff800`00ba2140 : NETwsw02+0x6fde7
fffff800`00ba1968 fffff800`00ba1a60 : fffffa80`0bc89000 fffff800`02e58d12 fffff800`00ba2140 fffff800`00ba1b30 : 0xfffffa80`07bec000
fffff800`00ba1970 fffffa80`0bc89000 : fffff800`02e58d12 fffff800`00ba2140 fffff800`00ba1b30 fffff800`00ba19f0 : 0xfffff800`00ba1a60
fffff800`00ba1978 fffff800`02e58d12 : fffff800`00ba2140 fffff800`00ba1b30 fffff800`00ba19f0 00000000`00000000 : 0xfffffa80`0bc89000
fffff800`00ba1980 00000000`02f42376 : 00000042`000170f4 fffffa80`0b9ed870 fffff800`00000000 fffffa80`0bc89000 : nt!RtlpLookupFunctionEntryForStackWalks+0x32
fffff800`00ba19f0 00000042`000170f4 : fffffa80`0b9ed870 fffff800`00000000 fffffa80`0bc89000 00000000`00000000 : 0x2f42376
fffff800`00ba19f8 fffffa80`0b9ed870 : fffff800`00000000 fffffa80`0bc89000 00000000`00000000 fffff800`00ba1c00 : 0x00000042`000170f4
fffff800`00ba1a00 fffff800`00000000 : fffffa80`0bc89000 00000000`00000000 fffff800`00ba1c00 fffffa80`0b912190 : 0xfffffa80`0b9ed870
fffff800`00ba1a08 fffffa80`0bc89000 : 00000000`00000000 fffff800`00ba1c00 fffffa80`0b912190 00000000`00000000 : 0xfffff800`00000000
fffff800`00ba1a10 00000000`00000000 : fffff800`00ba1c00 fffffa80`0b912190 00000000`00000000 00000000`00000000 : 0xfffffa80`0bc89000

So we can see a lot of user mode functions making calls which we can't see without a full memory dump.

We then see a few RtlpLookupFunctionEntryForStackWalks meaning it's trying to find a stack trace which involves reporting stack frames during execution at certain points which is why we see it multiple times.

These seem to be related to the NETwsw02.sys driver which is for your wireless Intel network card.

Finally we see it acquiring a spinlock and raising the IRQL to DPC/Dispatch level, it then tries to acquire the resource and something goes wrong so we bugcheck, given it's a minidump I can't find much more out.

0: kd> lmvm NETwsw02
start             end                 module name
fffff880`05815000 fffff880`05ba2000   NETwsw02 T (no symbols)           
    Loaded symbol image file: NETwsw02.sys
    Image path: \SystemRoot\system32\DRIVERS\NETwsw02.sys
    Image name: NETwsw02.sys
    Timestamp:        Tue Jan 28 18:34:42 2014 (52E7F842)
    CheckSum:         003741A7
    ImageSize:        0038D000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4

The driver seems to be fairly updated, see if there are any new updates, if so then download the latest one.

If there isn't a new download then try rolling back a version.

 

After you change the driver disable Driver Verifier and see if the issues persist.

 

A Kernel memory dump should give me more information, could you get me one if possible.

Go the Start
Right click My Computer
Select Properties
Click Advanced system settings
Click on the Advanced tab
Select Settings under Startup and Recovery
Then under Write debugging information select Kernel memory dump.

Once a dump is created go to:
 

C:\Windows\memory.dmp

Copy the file to the desktop, zip it up and upload it to a file sharing site like Onedrive. After the upload is done post the download link in your next reply.


Edited by Jared44, 10 September 2014 - 06:01 AM.


#10 half_slice7

half_slice7
  • Topic Starter

  • Members
  • 35 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Switzerland
  • Local time:05:21 PM

Posted 10 September 2014 - 07:06 AM

Hi Jared,

 

I have seen, kermel memory dump was already selected. Here you have the full memory dump:

http://www17.zippyshare.com/v/85062012/file.html

 

Thank you very much. I really appreciate your help!


"Everyone has a plan 'till they get punched in the mouth."

- Mike Tyson 

#11 Jared44

Jared44

  • BSOD Kernel Dump Expert
  • 205 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Dronfield
  • Local time:05:21 PM

Posted 10 September 2014 - 07:09 AM

Thank you very much, I'll take a look later.
Let me know how things go, be sure to change that network driver.

#12 half_slice7

half_slice7
  • Topic Starter

  • Members
  • 35 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Switzerland
  • Local time:05:21 PM

Posted 10 September 2014 - 07:14 AM

I have downloaded the newes WiFi driver from HP, and reinstalled it. If it doesn't help, I will try rolling back the wifi driver.

 

Also I uninstalled the TrendMicro OfficeScan, and installed Microsoft Security Essentials. I don't trust TrendMicro anymore...

I will post here, if there are any news about it.


"Everyone has a plan 'till they get punched in the mouth."

- Mike Tyson 

#13 Jared44

Jared44

  • BSOD Kernel Dump Expert
  • 205 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Dronfield
  • Local time:05:21 PM

Posted 11 September 2014 - 02:54 PM

Any updates to report?



#14 half_slice7

half_slice7
  • Topic Starter

  • Members
  • 35 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Switzerland
  • Local time:05:21 PM

Posted 11 September 2014 - 02:59 PM

Since reinstalling the wifi driver and removing TrendMicro, never had a BSOD. A good sign!

But don't halloo till you're out of the wood! I'm still waiting on a few days...

 

But thanks for asking.


"Everyone has a plan 'till they get punched in the mouth."

- Mike Tyson 

#15 Jared44

Jared44

  • BSOD Kernel Dump Expert
  • 205 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Dronfield
  • Local time:05:21 PM

Posted 11 September 2014 - 04:38 PM

That's good news, on a different note I've done a bit of an analysis.

Deadlock detected (3 locks in 2 threads):

=================================================
Thread 0: TERMINATED took locks in the following order:

Lock A =     fffffa800b912190 (+0xfffffa800b912190) - Type 'Spinlock'.

    Stack:   fffff88005828869 NETwsw02+0x0000000000013869
             fffff88005936497 NETwsw02+0x0000000000121497
             fffff88005935d5e NETwsw02+0x0000000000120d5e
             fffff8800587f90c NETwsw02+0x000000000006a90c
             fffff8800582bc9e NETwsw02+0x0000000000016c9e
             fffff8800582b563 NETwsw02+0x0000000000016563
             fffff880058334c9 NETwsw02+0x000000000001e4c9
             fffff8800584e82e NETwsw02+0x000000000003982e

Lock B =     fffffa800ba1b478 (+0xfffffa800ba1b478) - Type 'Spinlock'.

    Stack:   fffff8800582887e NETwsw02+0x000000000001387e
             fffff88005936497 NETwsw02+0x0000000000121497
             fffff88005935d5e NETwsw02+0x0000000000120d5e
             fffff8800587f90c NETwsw02+0x000000000006a90c
             fffff8800582bc9e NETwsw02+0x0000000000016c9e
             fffff8800582b563 NETwsw02+0x0000000000016563
             fffff880058334c9 NETwsw02+0x000000000001e4c9
             fffff8800584e82e NETwsw02+0x000000000003982e

=================================================
Thread 1: fffffa80114eab50 took locks in the following order:

Lock B =     fffffa800ba1b478 (+0xfffffa800ba1b478) - Type 'Spinlock'.

    Stack:   fffff8800582887e NETwsw02+0x000000000001387e
             fffff88005934e56 NETwsw02+0x000000000011fe56
             fffff88005932871 NETwsw02+0x000000000011d871
             fffff8800582bc9e NETwsw02+0x0000000000016c9e
             fffff8800582b563 NETwsw02+0x0000000000016563
             fffff88005833b00 NETwsw02+0x000000000001eb00
             fffff8800582bc9e NETwsw02+0x0000000000016c9e
             fffff8800582b563 NETwsw02+0x0000000000016563

Lock C =     fffffa800bc8b9a8 (+0xfffffa800bc8b9a8) - Type 'Spinlock'.

    Stack:   fffff88005881a30 NETwsw02+0x000000000006ca30
             fffff8800582bc9e NETwsw02+0x0000000000016c9e
             fffff8800582b563 NETwsw02+0x0000000000016563
             fffff880058adba3 NETwsw02+0x0000000000098ba3
             fffff88005b014c6 NETwsw02+0x00000000002ec4c6
             fffff88005933305 NETwsw02+0x000000000011e305
             fffff88005932b17 NETwsw02+0x000000000011db17
             fffff88005a12aaf NETwsw02+0x00000000001fdaaf

Lock A =     fffffa800b912190 (+0xfffffa800b912190) - Type 'Spinlock'.

So we have thread 0 with lock A and B then thread 1 with ABC where A and B are trying to acquire the lock counterpart in the other thread.

0: kd> !deadlock
issue: 0000000000001001 fffffa800b912190 fffffa800e295e00 0000000000000000 

Deadlock detected (3 locks in 2 threads):

Thread 0: A B.
Thread 1: B C A.

Where:

Thread 0 = TERMINATED.
Thread 1 = fffffa80114eab50.

Lock A =   fffffa800b912190 (+0xfffffa800b912190) - Type 'Spinlock'.
Lock B =   fffffa800ba1b478 (+0xfffffa800ba1b478) - Type 'Spinlock'.
Lock C =   fffffa800bc8b9a8 (+0xfffffa800bc8b9a8) - Type 'Spinlock'.

So what I see if happening is thread 0 that holds lock A and B was terminated, the problem is that lock A and B in thread A are waiting on the other spinlocks from thread 0 to be released but because it was terminated they can't be released and therefore the spinlocks in thread 1 can't be released and therefore we have a deadlock.

 

 

Any other BSODs let me know, but it certainly seems to be caused by your network driver.






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users