Newly built computer crashes

[BigBabyMoses06]

So heres the deal. I recently ordered the parts needed to make a computer.
Its up and running(im on it now as i type), however, it seems to crashes when either there is more than one thing going on, (updating windows vista, and web browsing), or trying to install new drivers/any updates and installations. I managed to get Firefox installed
The screen will quickly go to a blue screen, with no time at all to read what it says, and then it restarts.
Also, i get numerous Vista errors, and program shutdowns.
Everything seems to run fine and dandy until i start installing drivers and updates. However i have not let it run long enough un-updated to see if it will work fine.
Similar to this.

Here is what im running.
MB: Biostar TF7025-M2 w/onboard Nvidia GeForce7025 wit amd2 socket
Nvidia GeForce 8800GTS
Processor : AMD 64X2 4000+
MEM: 2 Gigs of G.Skill Ram
OS: Vista home edition (64 bit)

Ideas?

Edit: FireFox keeps on crashing on me now when i use it excessively. (Multiple tabs and using it quickly)
Can email me at BigBabyMoses06@gmail.com if you experience the same problems with anythign similar, and if i get a response, ill forward them to you.

 

[dclive]

Debug the dump. See my website for the how-to, and report back on the output from !analyze -v.

 

[BigBabyMoses06]

PAGE_FAULT_IN_NON_PAGED_AREA
STOP:0x00000050COXFFFFF88103 BA2B5C.0x0000000000000000.0xFFFFF980004FCD28.0x000000000000000

Doing so now.

 

[BigBabyMoses06]

Blah

 

[BigBabyMoses06]

Here you go.

Arg3: fffff980004fcd28, If non-zero, the instruction address which referenced the bad memory
address.
Arg4: 0000000000000005, (reserved)

Debugging Details:
------------------


Could not read faulting driver name



READ_ADDRESS: GetPointerFromAddress: unable to read from fffff80001dfa0b0
fffff88103ba2b5c

FAULTING_IP:
fileinfo!FIPfStringFind+48
fffff980`004fcd28 410fb70c24 movzx ecx,word ptr [r12]

MM_INTERNAL_CODE: 5

CUSTOMER_CRASH_COUNT: 7

DEFAULT_BUCKET_ID: COMMON_SYSTEM_FAULT

BUGCHECK_STR: 0x50

PROCESS_NAME: svchost.exe

CURRENT_IRQL: 0

TRAP_FRAME: fffff980119c02b0 -- (.trap 0xfffff980119c02b0)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=fffff980004f24b0 rbx=fffffa8001861600 rcx=fffff980119c0718
rdx=fffff980004f2760 rsi=0000000000000000 rdi=fffffa8002432bb0
rip=fffff980004fcd28 rsp=fffff980119c0440 rbp=fffff980004f24b0
r8=0000000000000000 r9=0000000000000000 r10=fffffa8001804000
r11=fffffa80021d06a8 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei ng nz ac pe cy
fileinfo!FIPfStringFind+0x48:
fffff980`004fcd28 410fb70c24 movzx ecx,word ptr [r12] ds:9200:00000000`00000000=????
Resetting default scope

LAST_CONTROL_TRANSFER: from fffff80001c53962 to fffff80001c4dc90

STACK_TEXT:
fffff980`119c01a8 fffff800`01c53962 : 00000000`00000050 fffff881`03ba2b5c 00000000`00000000 fffff980`119c02b0 : nt!KeBugCheckEx
fffff980`119c01b0 fffff800`01c4c819 : 00000000`00000000 fffff881`03ba2b5c fffffa80`03fd1b00 fffffa80`02533510 : nt!MmAccessFault+0x4c2
fffff980`119c02b0 fffff980`004fcd28 : ffffffff`80000800 00000000`00000000 00000000`00000000 fffff980`119c0620 : nt!KiPageFault+0x119
fffff980`119c0440 fffff980`004f9d6e : 00000000`00000000 fffff980`004f4478 00000000`00000001 00000000`00000030 : fileinfo!FIPfStringFind+0x48
fffff980`119c0480 fffff800`01f303b7 : fffff880`055bdd01 fffff880`055bdd01 00000000`00000004 00000000`00000000 : fileinfo!FIPfInterfaceOpen+0x24a
fffff980`119c0600 fffff800`01fd6827 : 00000000`00000081 ffffffff`ffe91ca0 fffff980`119c0718 00000000`00000000 : nt!PfpOpenHandleCreate+0x117
fffff980`119c06d0 fffff800`01fdc8a6 : 00000000`00000000 fffff880`03b70288 fffff880`03b6a000 fffff980`00000060 : nt!PfpFileBuildReadSupport+0xe7
fffff980`119c07c0 fffff800`01fdeb89 : fffff880`00000000 00000000`00000003 fffffa80`0000020a 00000000`00000000 : nt!PfpPrefetchFilesTrickle+0x126
fffff980`119c08c0 fffff800`01fdee42 : 00000000`00000000 fffff980`119c0ca0 fffff980`119c0a08 fffff880`03b6a000 : nt!PfpPrefetchRequestPerform+0x2f9
fffff980`119c0960 fffff800`01fe1466 : fffff980`119c0a08 00000000`00000001 fffffa80`01e46880 00000000`00000000 : nt!PfpPrefetchRequest+0x171
fffff980`119c09d0 fffff800`01ff1ca2 : 00000000`00000000 00000000`00000004 00000000`00000000 00000000`00000001 : nt!PfSetSuperfetchInformation+0x1a5
fffff980`119c0ab0 fffff800`01c4d733 : fffffa80`02432bb0 00000000`00000000 00000000`00000000 fffff980`119c0ca0 : nt!NtSetSystemInformation+0x8f5
fffff980`119c0c20 00000000`7732194a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`01a8f7e8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x7732194a


STACK_COMMAND: kb

FOLLOWUP_IP:
fileinfo!FIPfStringFind+48
fffff980`004fcd28 410fb70c24 movzx ecx,word ptr [r12]

SYMBOL_STACK_INDEX: 3

SYMBOL_NAME: fileinfo!FIPfStringFind+48

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: fileinfo

IMAGE_NAME: fileinfo.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 4549b693

FAILURE_BUCKET_ID: X64_0x50_fileinfo!FIPfStringFind+48

BUCKET_ID: X64_0x50_fileinfo!FIPfStringFind+48

Followup: MachineOwner
---------

 

[dclive]

You can either run verifer with default options, or you can debug the rest of the dumps that you surely have in c:\windows\minidumps. Take your pick, or do both.

 

[BigBabyMoses06]

?? Sorry. Im not following. Do you want me to do both and post back on here?
So far the others say problems with memory.

 

[dclive]

Yes, both.

I'm not sure what "problems with memory" means; if you can post full output of '!analyze -v' that would be interesting.

 

[daveybrat]

You left out a very important piece of info. What power supply are you using with this pc?

Let us know that and you might also want to download and run Memtest86 for at least a couple of hours on the pc.

 

[BigBabyMoses06]

Its a 350W supply. I ran mem test on the 1st gig of ram already with no issues. I am now running it on the second.

Dclive. Ill get them all for you.

 

[daveybrat]

Originally posted by: BigBabyMoses06
Its a 350W supply. I ran mem test on the 1st gig of ram already with no issues. I am now running it on the second.

Dclive. Ill get them all for you.

You are running a 350Watt power supply on this???

Here is what im running.
MB: Biostar TF7025-M2 w/onboard Nvidia GeForce7025 wit amd2 socket
Nvidia GeForce 8800GTS
Processor : AMD 64X2 4000+
MEM: 2 Gigs of G.Skill Ram
OS: Vista home edition (64 bit)

That is NOT enough to run an 8800GTS with your system specs. That is most likely the culprit here.

 

[dclive]

Originally posted by: daveybrat

Originally posted by: BigBabyMoses06
Its a 350W supply. I ran mem test on the 1st gig of ram already with no issues. I am now running it on the second.

Dclive. Ill get them all for you.

You are running a 350Watt power supply on this???

Here is what im running.
MB: Biostar TF7025-M2 w/onboard Nvidia GeForce7025 wit amd2 socket
Nvidia GeForce 8800GTS
Processor : AMD 64X2 4000+
MEM: 2 Gigs of G.Skill Ram
OS: Vista home edition (64 bit)

That is NOT enough to run an 8800GTS with your system specs. That is most likely the culprit here.

Not so.

I ran a Q6600 (Quad-core 6600) with 4GB RAM (4x1GB sticks), 8800GTS/320, 4x500GB HDD (IIRC; it's been a while), 2 PCI tv tuners, and various other bits, on a stock Acer E700 300W PSU.

350W for what he's got is easily enough, with perhaps 150W to spare.

Check out AT's 8800GTS reviews to see actual power used sometime. You'd be surprised.

 

[BigBabyMoses06]

Update. PC runs with just one stick or ram. Mem checks came back ok, swaped one for the other, and it still runs ok.
Any ideas?

 

[daveybrat]

What brand/model of power supply is it?

 

[BigBabyMoses06]

Powerman. Model number I-P350AJ2-0

 

[dclive]

And results of looking at the dumps are?

 

[BigBabyMoses06]

Debug 1

Microsoft (R) Windows Debugger Version 6.8.0004.0 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Windows\Minidump\Mini010308-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*c:\debug*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows Vista Kernel Version 6000 MP (2 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 6000.16386.amd64fre.vista_rtm.061101-2205
Kernel base = 0xfffff800`01800000 PsLoadedModuleList = 0xfffff800`01999e90
Debug session time: Thu Jan 3 10:41:41.695 2008 (GMT-Cool
System Uptime: 0 days 0:01:43.382
Loading Kernel Symbols
...........................................................................................................................
Loading User Symbols
Loading unloaded module list
....
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 1A, {41201, fffff680000012a8, c2d000012abc8867, fffffa8001de9de0}



Probably caused by : memory_corruption ( nt!MiGetPageProtection+1dd )

Followup: MachineOwner
---------

0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

MEMORY_MANAGEMENT (1a)
# Any other values for parameter 1 must be individually examined.
Arguments:
Arg1: 0000000000041201, The subtype of the bugcheck.
Arg2: fffff680000012a8
Arg3: c2d000012abc8867
Arg4: fffffa8001de9de0

Debugging Details:
------------------




BUGCHECK_STR: 0x1a_41201

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT

PROCESS_NAME: SearchProtocolH

CURRENT_IRQL: 0

LAST_CONTROL_TRANSFER: from fffff8000189e2ad to fffff8000184e250

STACK_TEXT:
fffff980`0a45b988 fffff800`0189e2ad : 00000000`0000001a 00000000`00041201 fffff680`000012a8 c2d00001`2abc8867 : nt!KeBugCheckEx
fffff980`0a45b990 fffff800`0187f9f0 : 00000000`00000000 fffff800`01ac7e4f 00000000`00000a88 00000000`00000000 : nt!MiGetPageProtection+0x1dd
fffff980`0a45b9e0 fffff800`0187fe6a : fffffa80`01de9de0 00000000`00000000 fffffa80`01dec040 fffff980`0a45bab0 : nt!MiQueryAddressState+0x2d0
fffff980`0a45ba40 fffff800`01ac4c2f : 00000000`00000004 00000000`00256000 fffffa80`042e5bb0 00000000`00000003 : nt!MiQueryAddressSpan+0xaa
fffff980`0a45bab0 fffff800`0184dcf3 : 00000000`00000a88 fffffa80`042e5bb0 00000000`00000000 00000000`0643e7c8 : nt!NtQueryVirtualMemory+0x6dd
fffff980`0a45bbb0 00000000`779b04aa : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`0643e7a8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x779b04aa


STACK_COMMAND: kb

FOLLOWUP_IP:
nt!MiGetPageProtection+1dd
fffff800`0189e2ad cc int 3

SYMBOL_STACK_INDEX: 1

SYMBOL_NAME: nt!MiGetPageProtection+1dd

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: nt

DEBUG_FLR_IMAGE_TIMESTAMP: 4549b6c6

IMAGE_NAME: memory_corruption

FAILURE_BUCKET_ID: X64_0x1a_41201_nt!MiGetPageProtection+1dd

BUCKET_ID: X64_0x1a_41201_nt!MiGetPageProtection+1dd

Followup: MachineOwner

2

Dump 2

Microsoft (R) Windows Debugger Version 6.8.0004.0 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Windows\Minidump\Mini010308-02.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*c:\debug*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows Vista Kernel Version 6000 MP (2 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 6000.16514.amd64fre.vista_gdr.070627-1500
Kernel base = 0xfffff800`01800000 PsLoadedModuleList = 0xfffff800`0199af50
Debug session time: Thu Jan 3 13:29:44.034 2008 (GMT-Cool
System Uptime: 0 days 0:04:15.922
Loading Kernel Symbols
...........................................................................................................................
Loading User Symbols
Loading unloaded module list
....
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 1A, {41790, fffffa80008a4c80, ffff, 0}



Probably caused by : memory_corruption ( nt!MiDeleteVirtualAddresses+d49 )

Followup: MachineOwner
---------

1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

MEMORY_MANAGEMENT (1a)
# Any other values for parameter 1 must be individually examined.
Arguments:
Arg1: 0000000000041790, The subtype of the bugcheck.
Arg2: fffffa80008a4c80
Arg3: 000000000000ffff
Arg4: 0000000000000000

Debugging Details:
------------------




BUGCHECK_STR: 0x1a_41790

CUSTOMER_CRASH_COUNT: 2

DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT

PROCESS_NAME: SearchProtocolH

CURRENT_IRQL: 0

LAST_CONTROL_TRANSFER: from fffff80001870749 to fffff8000184dbd0

STACK_TEXT:
fffff980`149c6798 fffff800`01870749 : 00000000`0000001a 00000000`00041790 fffffa80`008a4c80 00000000`0000ffff : nt!KeBugCheckEx
fffff980`149c67a0 fffff800`01871e37 : 00000000`00000011 00000000`0071dfff 00000000`00000000 00000000`00000000 : nt!MiDeleteVirtualAddresses+0xd49
fffff980`149c6930 fffff800`01880597 : fffffa80`03fda860 00000000`00000000 fffffa80`03fda860 fffffa80`03d53720 : nt!MiRemoveMappedView+0x62b
fffff980`149c6a60 fffff800`01ab3756 : fffff880`03879060 00000000`00000000 00000000`00000000 fffffa80`021f6060 : nt!MmCleanProcessAddressSpace+0x277
fffff980`149c6ab0 fffff800`01a85f9d : 00000000`00000000 fffffa80`021f6001 000007ff`fffdd000 00000000`00000000 : nt!PspExitThread+0x3e6
fffff980`149c6b70 fffff800`01a8b93d : 00000000`00000000 00000000`0000000c 00000000`00137cb0 fffffa80`0000000c : nt!PspTerminateThreadByPointer+0x4d
fffff980`149c6bc0 fffff800`0184d673 : fffffa80`03fda860 fffffa80`021f6060 fffff980`149c6ca0 00000000`00137cb0 : nt!NtTerminateProcess+0x18d
fffff980`149c6c20 00000000`7745053a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`0017f6c8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x7745053a


STACK_COMMAND: kb

FOLLOWUP_IP:
nt!MiDeleteVirtualAddresses+d49
fffff800`01870749 cc int 3

SYMBOL_STACK_INDEX: 1

SYMBOL_NAME: nt!MiDeleteVirtualAddresses+d49

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: nt

DEBUG_FLR_IMAGE_TIMESTAMP: 46830f41

IMAGE_NAME: memory_corruption

FAILURE_BUCKET_ID: X64_0x1a_41790_nt!MiDeleteVirtualAddresses+d49

BUCKET_ID: X64_0x1a_41790_nt!MiDeleteVirtualAddresses+d49

Followup: MachineOwner

3

Debug 3
Debug session time: Thu Jan 3 13:57:03.622 2008 (GMT-Cool
System Uptime: 0 days 0:03:10.481
Loading Kernel Symbols
...........................................................................................................................
Loading User Symbols
Loading unloaded module list
....
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 1A, {41790, fffffa800065a480, ffff, 0}



Probably caused by : memory_corruption ( nt!MiDeleteVirtualAddresses+d49 )

Followup: MachineOwner
---------

0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

MEMORY_MANAGEMENT (1a)
# Any other values for parameter 1 must be individually examined.
Arguments:
Arg1: 0000000000041790, The subtype of the bugcheck.
Arg2: fffffa800065a480
Arg3: 000000000000ffff
Arg4: 0000000000000000

Debugging Details:
------------------




BUGCHECK_STR: 0x1a_41790

CUSTOMER_CRASH_COUNT: 3

DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT

PROCESS_NAME: dw20.exe

CURRENT_IRQL: 0

LAST_CONTROL_TRANSFER: from fffff80001870849 to fffff8000184dc90

STACK_TEXT:
fffff980`12dd98c8 fffff800`01870849 : 00000000`0000001a 00000000`00041790 fffffa80`0065a480 00000000`0000ffff : nt!KeBugCheckEx
fffff980`12dd98d0 fffff800`01880aa4 : ffffffff`ffffff11 00000000`002cffff fffffa80`00000000 fffffa80`00000000 : nt!MiDeleteVirtualAddresses+0xd49
fffff980`12dd9a60 fffff800`01ab2646 : fffff880`03fdd060 00000000`00000000 00000000`00000000 fffffa80`0240c7d0 : nt!MmCleanProcessAddressSpace+0x6a4
fffff980`12dd9ab0 fffff800`01a84e6d : 00000000`00000000 fffffa80`0240c701 00000000`7efdb000 00000000`00000000 : nt!PspExitThread+0x3e6
fffff980`12dd9b70 fffff800`01a8a80d : 00000000`00000000 00000000`0000000c 00000000`7efdd000 00000000`0000000c : nt!PspTerminateThreadByPointer+0x4d
fffff980`12dd9bc0 fffff800`0184d733 : fffffa80`023d9c10 fffffa80`0240c7d0 fffff980`12dd9ca0 00000000`7efdd000 : nt!NtTerminateProcess+0x18d
fffff980`12dd9c20 00000000`76da053a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`0007e5c8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x76da053a


STACK_COMMAND: kb

FOLLOWUP_IP:
nt!MiDeleteVirtualAddresses+d49
fffff800`01870849 cc int 3

SYMBOL_STACK_INDEX: 1

SYMBOL_NAME: nt!MiDeleteVirtualAddresses+d49

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: nt

DEBUG_FLR_IMAGE_TIMESTAMP: 470c35b4

IMAGE_NAME: memory_corruption

FAILURE_BUCKET_ID: X64_0x1a_41790_nt!MiDeleteVirtualAddresses+d49

BUCKET_ID: X64_0x1a_41790_nt!MiDeleteVirtualAddresses+d49

Followup: MachineOwner

Thats it for now. I had to go to sleep last. Continuing to finish the bugs and ill post back in a few mins.

 

[BigBabyMoses06]

4
Microsoft (R) Windows Debugger Version 6.8.0004.0 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Windows\Minidump\Mini010308-04.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*c:\debug*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows Vista Kernel Version 6000 MP (2 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 6000.16575.amd64fre.vista_gdr.071009-1548
Kernel base = 0xfffff800`01c00000 PsLoadedModuleList = 0xfffff800`01d9af70
Debug session time: Thu Jan 3 14:13:24.734 2008 (GMT-8)
System Uptime: 0 days 0:03:25.593
Loading Kernel Symbols
............................................................................................................................
Loading User Symbols
Loading unloaded module list
....
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 4E, {2, 125ece, 7fedf, ffff}



Probably caused by : ntkrnlmp.exe ( nt! ?? ::FNODOBFM::`string'+19f8 )

Followup: MachineOwner
---------

0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

PFN_LIST_CORRUPT (4e)
Typically caused by drivers passing bad memory descriptor lists (ie: calling
MmUnlockPages twice with the same list, etc). If a kernel debugger is
available get the stack trace.
Arguments:
Arg1: 0000000000000002, A list entry was corrupt
Arg2: 0000000000125ece, entry in list being removed
Arg3: 000000000007fedf, highest physical page number
Arg4: 000000000000ffff, reference count of entry being removed

Debugging Details:
------------------




BUGCHECK_STR: 0x4E_2

CUSTOMER_CRASH_COUNT: 4

DEFAULT_BUCKET_ID: COMMON_SYSTEM_FAULT

PROCESS_NAME: VSSVC.exe

CURRENT_IRQL: 2

LAST_CONTROL_TRANSFER: from fffff80001caff58 to fffff80001c4dc90

STACK_TEXT:
fffff980`1242b388 fffff800`01caff58 : 00000000`0000004e 00000000`00000002 00000000`00125ece 00000000`0007fedf : nt!KeBugCheckEx
fffff980`1242b390 fffff800`01c61505 : fffff980`00505611 00000000`00000009 00000000`00000001 00000000`00000000 : nt! ?? ::FNODOBFM::`string'+0x19f8
fffff980`1242b3d0 fffff800`01c9a160 : fffff880`03079000 fffff880`0307bb38 fffffa80`022cc440 fffffa80`022cc440 : nt!MiFlushSectionInternal+0x5f2
fffff980`1242b5d0 fffff800`01c6077c : 00000000`00000000 fffffa80`047aca70 fffffa80`0279d180 00000000`00000000 : nt!MmFlushSection+0x110
fffff980`1242b680 fffff980`00915dbf : fffffa80`0456eca0 00000000`00000000 fffffa80`00000000 00000000`00000001 : nt!CcFlushCache+0x27c
fffff980`1242b770 fffff980`009e4e58 : 00000000`00000000 fffff880`02531460 00000000`00000000 00000000`00000001 : Ntfs!NtfsFlushUserStream+0x8f
fffff980`1242b7e0 fffff980`009152a9 : fffffa80`047aca70 fffffa80`0279d180 fffffa80`025b5801 fffff880`01593400 : Ntfs!NtfsFlushVolume+0x318
fffff980`1242b910 fffff980`00915bdd : fffffa80`047aca70 fffffa80`02807010 fffffa80`0257dd40 00000000`00000000 : Ntfs!NtfsCommonFlushBuffers+0x4c9
fffff980`1242b9e0 fffff980`0050421a : fffffa80`02807368 fffffa80`02807010 fffffa80`047aca70 fffff980`1242ba08 : Ntfs!NtfsFsdFlushBuffers+0x10d
fffff980`1242ba50 fffff980`00504691 : fffffa80`02aa0960 fffffa80`0257dd40 00000000`00000300 fffff980`1242bc20 : fltmgr!FltpLegacyProcessingAfterPreCallbacksCompleted+0x20a
fffff980`1242bac0 fffff800`01ebdd3f : fffffa80`02aa0960 fffff800`01c5d536 fffff880`0012019f fffff880`03c9df60 : fltmgr!FltpDispatch+0xd1
fffff980`1242bb20 fffff800`01ec1d36 : 00000000`00000000 00000000`00000000 fffffa80`0257dd40 fffff800`01c4d733 : nt!IopSynchronousServiceTail+0x12f
fffff980`1242bb90 fffff800`01c4d733 : fffffa80`02482bb0 00000000`ff080970 fffffa80`02aa0960 fffffa80`0257dd40 : nt!NtFlushBuffersFile+0x176
fffff980`1242bc20 00000000`775a072a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`0429f598 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x775a072a


STACK_COMMAND: kb

FOLLOWUP_IP:
nt! ?? ::FNODOBFM::`string'+19f8
fffff800`01caff58 cc int 3

SYMBOL_STACK_INDEX: 1

SYMBOL_NAME: nt! ?? ::FNODOBFM::`string'+19f8

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: nt

IMAGE_NAME: ntkrnlmp.exe

DEBUG_FLR_IMAGE_TIMESTAMP: 470c35b4

FAILURE_BUCKET_ID: X64_0x4E_2_nt!_??_::FNODOBFM::_string_+19f8

BUCKET_ID: X64_0x4E_2_nt!_??_::FNODOBFM::_string_+19f8

Followup: MachineOwner
---------
[/b][/b][/i][/i]



5
Microsoft (R) Windows Debugger Version 6.8.0004.0 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Windows\Minidump\Mini010308-06.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*c:\debug*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows Vista Kernel Version 6000 MP (2 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 6000.16575.amd64fre.vista_gdr.071009-1548
Kernel base = 0xfffff800`01c00000 PsLoadedModuleList = 0xfffff800`01d9af70
Debug session time: Thu Jan 3 21:40:21.882 2008 (GMT-8)
System Uptime: 0 days 0:04:45.755
Loading Kernel Symbols
............................................................................................................................
Loading User Symbols
Loading unloaded module list
....
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck DE, {2, fffff88002d422a8, 0, 135b198c0}



Probably caused by : memory_corruption ( nt!MmPurgeSection+7c5 )

Followup: MachineOwner
---------

0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

POOL_CORRUPTION_IN_FILE_AREA (de)
A driver corrupted pool memory used for holding pages destined for disk.
This was discovered by the memory manager when dereferencing the file.
Arguments:
Arg1: 0000000000000002
Arg2: fffff88002d422a8
Arg3: 0000000000000000
Arg4: 0000000135b198c0

Debugging Details:
------------------




CUSTOMER_CRASH_COUNT: 6

DEFAULT_BUCKET_ID: COMMON_SYSTEM_FAULT

BUGCHECK_STR: 0xDE

PROCESS_NAME: svchost.exe

CURRENT_IRQL: 2

LAST_CONTROL_TRANSFER: from fffff80001c83a18 to fffff80001c4dc90

STACK_TEXT:
fffff980`11ddc588 fffff800`01c83a18 : 00000000`000000de 00000000`00000002 fffff880`02d422a8 00000000`00000000 : nt!KeBugCheckEx
fffff980`11ddc590 fffff800`01c83bec : 00000000`00000000 fffffa80`021f8401 00000000`00000000 00000000`00000000 : nt!MmPurgeSection+0x7c5
fffff980`11ddc610 fffff980`009e4f9e : 00000000`00000000 00000000`00000001 fffffa80`01fc9010 00000000`00000000 : nt!CcPurgeCacheSection+0x13c
fffff980`11ddc660 fffff980`008cb5b9 : fffffa80`01fc9010 fffffa80`024d1180 fffffa80`024d1101 fffff980`0089ec01 : Ntfs!NtfsFlushVolume+0x45e
fffff980`11ddc790 fffff980`00958a3b : fffffa80`01fc9010 fffffa80`02205010 00000000`00000001 fffff980`11ddc8d8 : Ntfs!NtfsDismountVolume+0x2c8
fffff980`11ddc840 fffff980`0093912d : fffffa80`01fc9010 00000000`c0000188 fffffa80`c0000188 00000000`00000001 : Ntfs! ?? ::NNGAKEGL::`string'+0xeedd
fffff980`11ddc880 fffff980`0050421a : fffffa80`02205000 fffffa80`02205010 00000000`00000101 fffffa80`01fc9010 : Ntfs!NtfsFsdFileSystemControl+0x14d
fffff980`11ddc930 fffff980`005209e2 : fffffa80`024d0040 fffffa80`0208cf20 fffffa80`022d4000 00000000`20206f49 : fltmgr!FltpLegacyProcessingAfterPreCallbacksCompleted+0x20a
fffff980`11ddc9a0 fffff800`01e8dee7 : fffffa80`02205301 fffffa80`024d0040 fffffa80`02205368 fffff800`01ee1a29 : fltmgr!FltpFsControl+0x102
fffff980`11ddca00 fffff800`01eab906 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!IopXxxControlFile+0x626
fffff980`11ddcb40 fffff800`01c4d733 : ffffffff`ffffffff 00000000`01dfe0c0 00000000`01dfe0b8 00000000`00000004 : nt!NtFsControlFile+0x56
fffff980`11ddcbb0 00000000`779f060a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`01dfe3c8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x779f060a


STACK_COMMAND: kb

FOLLOWUP_IP:
nt!MmPurgeSection+7c5
fffff800`01c83a18 cc int 3

SYMBOL_STACK_INDEX: 1

SYMBOL_NAME: nt!MmPurgeSection+7c5

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: nt

DEBUG_FLR_IMAGE_TIMESTAMP: 470c35b4

IMAGE_NAME: memory_corruption

FAILURE_BUCKET_ID: X64_0xDE_nt!MmPurgeSection+7c5

BUCKET_ID: X64_0xDE_nt!MmPurgeSection+7c5

Followup: MachineOwner




6
Microsoft (R) Windows Debugger Version 6.8.0004.0 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Windows\Minidump\Mini010308-07.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*c:\debug*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows Vista Kernel Version 6000 MP (2 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 6000.16575.amd64fre.vista_gdr.071009-1548
Kernel base = 0xfffff800`01c00000 PsLoadedModuleList = 0xfffff800`01d9af70
Debug session time: Thu Jan 3 21:52:55.704 2008 (GMT-8)
System Uptime: 0 days 0:08:51.592
Loading Kernel Symbols
...........................................................................................................................
Loading User Symbols
Loading unloaded module list
.....
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 50, {fffff88103ba2b5c, 0, fffff980004fcd28, 5}


Could not read faulting driver name


Probably caused by : fileinfo.sys ( fileinfo!FIPfStringFind+48 )

Followup: MachineOwner
---------

0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

PAGE_FAULT_IN_NONPAGED_AREA (50)
Invalid system memory was referenced. This cannot be protected by try-except,
it must be protected by a Probe. Typically the address is just plain bad or it
is pointing at freed memory.
Arguments:
Arg1: fffff88103ba2b5c, memory referenced.
Arg2: 0000000000000000, value 0 = read operation, 1 = write operation.
Arg3: fffff980004fcd28, If non-zero, the instruction address which referenced the bad memory
address.
Arg4: 0000000000000005, (reserved)

Debugging Details:
------------------


Could not read faulting driver name



READ_ADDRESS: GetPointerFromAddress: unable to read from fffff80001dfa0b0
fffff88103ba2b5c

FAULTING_IP:
fileinfo!FIPfStringFind+48
fffff980`004fcd28 410fb70c24 movzx ecx,word ptr [r12]

MM_INTERNAL_CODE: 5

CUSTOMER_CRASH_COUNT: 7

DEFAULT_BUCKET_ID: COMMON_SYSTEM_FAULT

BUGCHECK_STR: 0x50

PROCESS_NAME: svchost.exe

CURRENT_IRQL: 0

TRAP_FRAME: fffff980119c02b0 -- (.trap 0xfffff980119c02b0)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=fffff980004f24b0 rbx=fffffa8001861600 rcx=fffff980119c0718
rdx=fffff980004f2760 rsi=0000000000000000 rdi=fffffa8002432bb0
rip=fffff980004fcd28 rsp=fffff980119c0440 rbp=fffff980004f24b0
r8=0000000000000000 r9=0000000000000000 r10=fffffa8001804000
r11=fffffa80021d06a8 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei ng nz ac pe cy
fileinfo!FIPfStringFind+0x48:
fffff980`004fcd28 410fb70c24 movzx ecx,word ptr [r12] ds:9200:00000000`00000000=????
Resetting default scope

LAST_CONTROL_TRANSFER: from fffff80001c53962 to fffff80001c4dc90

STACK_TEXT:
fffff980`119c01a8 fffff800`01c53962 : 00000000`00000050 fffff881`03ba2b5c 00000000`00000000 fffff980`119c02b0 : nt!KeBugCheckEx
fffff980`119c01b0 fffff800`01c4c819 : 00000000`00000000 fffff881`03ba2b5c fffffa80`03fd1b00 fffffa80`02533510 : nt!MmAccessFault+0x4c2
fffff980`119c02b0 fffff980`004fcd28 : ffffffff`80000800 00000000`00000000 00000000`00000000 fffff980`119c0620 : nt!KiPageFault+0x119
fffff980`119c0440 fffff980`004f9d6e : 00000000`00000000 fffff980`004f4478 00000000`00000001 00000000`00000030 : fileinfo!FIPfStringFind+0x48
fffff980`119c0480 fffff800`01f303b7 : fffff880`055bdd01 fffff880`055bdd01 00000000`00000004 00000000`00000000 : fileinfo!FIPfInterfaceOpen+0x24a
fffff980`119c0600 fffff800`01fd6827 : 00000000`00000081 ffffffff`ffe91ca0 fffff980`119c0718 00000000`00000000 : nt!PfpOpenHandleCreate+0x117
fffff980`119c06d0 fffff800`01fdc8a6 : 00000000`00000000 fffff880`03b70288 fffff880`03b6a000 fffff980`00000060 : nt!PfpFileBuildReadSupport+0xe7
fffff980`119c07c0 fffff800`01fdeb89 : fffff880`00000000 00000000`00000003 fffffa80`0000020a 00000000`00000000 : nt!PfpPrefetchFilesTrickle+0x126
fffff980`119c08c0 fffff800`01fdee42 : 00000000`00000000 fffff980`119c0ca0 fffff980`119c0a08 fffff880`03b6a000 : nt!PfpPrefetchRequestPerform+0x2f9
fffff980`119c0960 fffff800`01fe1466 : fffff980`119c0a08 00000000`00000001 fffffa80`01e46880 00000000`00000000 : nt!PfpPrefetchRequest+0x171
fffff980`119c09d0 fffff800`01ff1ca2 : 00000000`00000000 00000000`00000004 00000000`00000000 00000000`00000001 : nt!PfSetSuperfetchInformation+0x1a5
fffff980`119c0ab0 fffff800`01c4d733 : fffffa80`02432bb0 00000000`00000000 00000000`00000000 fffff980`119c0ca0 : nt!NtSetSystemInformation+0x8f5
fffff980`119c0c20 00000000`7732194a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`01a8f7e8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x7732194a


STACK_COMMAND: kb

FOLLOWUP_IP:
fileinfo!FIPfStringFind+48
fffff980`004fcd28 410fb70c24 movzx ecx,word ptr [r12]

SYMBOL_STACK_INDEX: 3

SYMBOL_NAME: fileinfo!FIPfStringFind+48

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: fileinfo

IMAGE_NAME: fileinfo.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 4549b693

FAILURE_BUCKET_ID: X64_0x50_fileinfo!FIPfStringFind+48

BUCKET_ID: X64_0x50_fileinfo!FIPfStringFind+48

Followup: MachineOwner
---------



7
Microsoft (R) Windows Debugger Version 6.8.0004.0 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Windows\Minidump\Mini010308-08.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*c:\debug*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows Vista Kernel Version 6000 MP (2 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 6000.16575.amd64fre.vista_gdr.071009-1548
Kernel base = 0xfffff800`01c00000 PsLoadedModuleList = 0xfffff800`01d9af70
Debug session time: Thu Jan 3 22:58:53.136 2008 (GMT-8)
System Uptime: 0 days 0:05:59.024
Loading Kernel Symbols
...........................................................................................................................
Loading User Symbols
Loading unloaded module list
....
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 50, {fffff98115ed6008, 0, fffff80001ecb870, 5}


Could not read faulting driver name


Probably caused by : ntkrnlmp.exe ( nt!HvpGetCellMapped+120 )

Followup: MachineOwner
---------

1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

PAGE_FAULT_IN_NONPAGED_AREA (50)
Invalid system memory was referenced. This cannot be protected by try-except,
it must be protected by a Probe. Typically the address is just plain bad or it
is pointing at freed memory.
Arguments:
Arg1: fffff98115ed6008, memory referenced.
Arg2: 0000000000000000, value 0 = read operation, 1 = write operation.
Arg3: fffff80001ecb870, If non-zero, the instruction address which referenced the bad memory
address.
Arg4: 0000000000000005, (reserved)

Debugging Details:
------------------


Could not read faulting driver name



READ_ADDRESS: GetPointerFromAddress: unable to read from fffff80001dfa0b0
fffff98115ed6008

FAULTING_IP:
nt!HvpGetCellMapped+120
fffff800`01ecb870 3b4108 cmp eax,dword ptr [rcx+8]

MM_INTERNAL_CODE: 5

CUSTOMER_CRASH_COUNT: 8

DEFAULT_BUCKET_ID: COMMON_SYSTEM_FAULT

BUGCHECK_STR: 0x50

PROCESS_NAME: System

CURRENT_IRQL: 0

TRAP_FRAME: fffff98000cac4a0 -- (.trap 0xfffff98000cac4a0)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000050 rbx=fffff98015ed5eac rcx=fffff98115ed6000
rdx=0000000000000010 rsi=fffff88003f40010 rdi=0000000000814ea8
rip=fffff80001ecb870 rsp=fffff98000cac630 rbp=0000000000000fff
r8=fffff98015ed6000 r9=0000000000000000 r10=fffff98115ed6005
r11=000000000000bb58 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei ng nz na po nc
nt!HvpGetCellMapped+0x120:
fffff800`01ecb870 3b4108 cmp eax,dword ptr [rcx+8] ds:5000:fffff981`15ed6008=????????
Resetting default scope

LAST_CONTROL_TRANSFER: from fffff80001c53962 to fffff80001c4dc90

STACK_TEXT:
fffff980`00cac398 fffff800`01c53962 : 00000000`00000050 fffff981`15ed6008 00000000`00000000 fffff980`00cac4a0 : nt!KeBugCheckEx
fffff980`00cac3a0 fffff800`01c4c819 : 00000000`00000000 fffff880`0407c2a0 00000000`00000000 00000000`00000000 : nt!MmAccessFault+0x4c2
fffff980`00cac4a0 fffff800`01ecb870 : fffff880`00000018 fffff980`15ed6000 fffff980`15ed5000 fffff980`15ed5ee0 : nt!KiPageFault+0x119
fffff980`00cac630 fffff800`01e4ce9c : fffff880`03f40010 fffff800`01e3344c fffff880`03f24de0 fffff880`0407c2a0 : nt!HvpGetCellMapped+0x120
fffff980`00cac6b0 fffff800`01e334bc : 00000000`00814ef0 fffff800`01e33f43 fffff880`03f40010 00000000`007f67d0 : nt!HvpGetHCell+0xc
fffff980`00cac6e0 fffff800`01e35a50 : fffff880`03f40010 00000000`00815040 fffff880`03f40010 fffff880`0407bec0 : nt!HvIsCellAllocated+0xdc
fffff980`00cac720 fffff800`01e34038 : 00000000`00000000 fffff880`01000001 fffff880`00000000 fffff880`007f67d0 : nt!CmpCheckKey+0x5e2
fffff980`00cac7d0 fffff800`01e32b52 : 00000000`00814ef0 00000000`01000001 00000000`0016f400 00000000`00000000 : nt!CmpCheckRegistry2+0xc8
fffff980`00cac850 fffff800`01e36650 : 00000000`00000000 00000000`00000000 fffff980`0016f400 00000000`00000005 : nt!CmCheckRegistry+0x122
fffff980`00cac8c0 fffff800`01e30756 : fffff980`00caca40 ffffffff`80000794 fffffa80`00000000 fffff980`00cacb60 : nt!CmpInitializeHive+0x670
fffff980`00cac9b0 fffff800`01e30c36 : fffff880`0407a2c8 00000000`00000000 fffff980`00cacb80 fffff980`00cacb51 : nt!CmpInitHiveFromFile+0x286
fffff980`00cacab0 fffff800`01e33207 : fffff880`0407a2c8 00000000`00000005 fffff880`00033010 fffff880`20204d43 : nt!CmpCmdHiveOpen+0x66
fffff980`00cacb20 fffff800`01e31c58 : fffffa80`00000008 00000000`00000003 00000000`00000007 00000000`00000000 : nt!CmpFlushBackupHive+0x2e8
fffff980`00cacc60 fffff800`01e31d0e : fffff800`01dd2640 fffff800`01d689d8 fffffa80`0187e720 fffffa80`0187e720 : nt!CmpSyncBackupHives+0x98
fffff980`00caccb0 fffff800`01c59da3 : fffff800`01d665e0 fffff800`01d68901 fffffa80`04376800 00000000`00000000 : nt!CmpFirstBackupFlushWorker+0xe
fffff980`00cacce0 fffff800`01ee196b : fffff800`01dd2640 00000000`00000000 fffffa80`0187e720 00000000`00000001 : nt!ExpWorkerThread+0x12a
fffff980`00cacd50 fffff800`01c34656 : fffff980`00a63180 fffffa80`0187e720 fffff980`00a6cc40 fffffa80`0187ebb0 : nt!PspSystemThreadStartup+0x5b
fffff980`00cacd80 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KxStartSystemThread+0x16


STACK_COMMAND: kb

FOLLOWUP_IP:
nt!HvpGetCellMapped+120
fffff800`01ecb870 3b4108 cmp eax,dword ptr [rcx+8]

SYMBOL_STACK_INDEX: 3

SYMBOL_NAME: nt!HvpGetCellMapped+120

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: nt

IMAGE_NAME: ntkrnlmp.exe

DEBUG_FLR_IMAGE_TIMESTAMP: 470c35b4

FAILURE_BUCKET_ID: X64_0x50_nt!HvpGetCellMapped+120

BUCKET_ID: X64_0x50_nt!HvpGetCellMapped+120

Followup: MachineOwner
---------



8
Microsoft (R) Windows Debugger Version 6.8.0004.0 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Windows\Minidump\Mini010308-09.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*c:\debug*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows Vista Kernel Version 6000 MP (2 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 6000.16575.amd64fre.vista_gdr.071009-1548
Kernel base = 0xfffff800`01c00000 PsLoadedModuleList = 0xfffff800`01d9af70
Debug session time: Thu Jan 3 23:18:06.888 2008 (GMT-8)
System Uptime: 0 days 0:15:33.776
Loading Kernel Symbols
.............................................................................................................................
Loading User Symbols
Loading unloaded module list
....
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 4E, {99, 111746, 4, fffffa8003345d20}



Probably caused by : memory_corruption ( nt!MiBadShareCount+4b )

Followup: MachineOwner
---------

1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

PFN_LIST_CORRUPT (4e)
Typically caused by drivers passing bad memory descriptor lists (ie: calling
MmUnlockPages twice with the same list, etc). If a kernel debugger is
available get the stack trace.
Arguments:
Arg1: 0000000000000099, A PTE or PFN is corrupt
Arg2: 0000000000111746, page frame number
Arg3: 0000000000000004, current page state
Arg4: fffffa8003345d20, 0

Debugging Details:
------------------




BUGCHECK_STR: 0x4E_99

CUSTOMER_CRASH_COUNT: 9

DEFAULT_BUCKET_ID: COMMON_SYSTEM_FAULT

PROCESS_NAME: firefox.exe

CURRENT_IRQL: 2

LAST_CONTROL_TRANSFER: from fffff80001cc328b to fffff80001c4dc90

STACK_TEXT:
fffff980`11154118 fffff800`01cc328b : 00000000`0000004e 00000000`00000099 00000000`00111746 00000000`00000004 : nt!KeBugCheckEx
fffff980`11154120 fffff800`01c8507e : ffffffff`ffffffff ed100001`11746863 fffffa80`049635a0 fffff900`c3055000 : nt!MiBadShareCount+0x4b
fffff980`11154160 fffff800`01e44ded : fffff900`c3055000 fffff900`0000015b fffffa80`02427010 fffff980`01216c00 : nt!MiRemoveMappedPtes+0x80e
fffff980`111542a0 fffff800`01e4466b : fffff880`036e4060 00000000`00000011 00000000`00000001 000001eb`0000036c : nt!MiRemoveFromSystemSpace+0x14d
fffff980`11154300 fffff960`001eb3c4 : fffff900`00000ab5 fffff960`000c2ad5 00000000`00000000 00000000`00000000 : nt!MmUnmapViewInSystemSpace+0x6b
fffff980`11154330 fffff960`000c35f4 : 00000000`00000576 fffff900`c3000010 00000000`00000011 00000000`00000001 : win32k!vFreeKernelSection+0x34
fffff980`11154370 fffff960`000c37d1 : fffff900`c3000010 fffff980`00000000 fffff900`c0085010 00000000`00000000 : win32k!SURFACE::bDeleteSurface+0x344
fffff980`11154450 fffff960`00086994 : ffffffff`e4050576 fffff900`c1d6a010 00000000`00000576 00000000`7efdb000 : win32k!bDeleteSurface+0x31
fffff980`11154480 fffff800`01c4d733 : fffffa80`049635a0 fffff980`11154530 00000000`03a909c0 fffff900`00000000 : win32k!NtGdiDeleteObjectApp+0x94
fffff980`111544b0 00000000`750b3cf9 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`0007ded8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x750b3cf9


STACK_COMMAND: kb

FOLLOWUP_IP:
nt!MiBadShareCount+4b
fffff800`01cc328b cc int 3

SYMBOL_STACK_INDEX: 1

SYMBOL_NAME: nt!MiBadShareCount+4b

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: nt

DEBUG_FLR_IMAGE_TIMESTAMP: 470c35b4

IMAGE_NAME: memory_corruption

FAILURE_BUCKET_ID: X64_0x4E_99_nt!MiBadShareCount+4b

BUCKET_ID: X64_0x4E_99_nt!MiBadShareCount+4b

Followup: MachineOwner
---------

1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

PFN_LIST_CORRUPT (4e)
Typically caused by drivers passing bad memory descriptor lists (ie: calling
MmUnlockPages twice with the same list, etc). If a kernel debugger is
available get the stack trace.
Arguments:
Arg1: 0000000000000099, A PTE or PFN is corrupt
Arg2: 0000000000111746, page frame number
Arg3: 0000000000000004, current page state
Arg4: fffffa8003345d20, 0

Debugging Details:
------------------




BUGCHECK_STR: 0x4E_99

CUSTOMER_CRASH_COUNT: 9

DEFAULT_BUCKET_ID: COMMON_SYSTEM_FAULT

PROCESS_NAME: firefox.exe

CURRENT_IRQL: 2

LAST_CONTROL_TRANSFER: from fffff80001cc328b to fffff80001c4dc90

STACK_TEXT:
fffff980`11154118 fffff800`01cc328b : 00000000`0000004e 00000000`00000099 00000000`00111746 00000000`00000004 : nt!KeBugCheckEx
fffff980`11154120 fffff800`01c8507e : ffffffff`ffffffff ed100001`11746863 fffffa80`049635a0 fffff900`c3055000 : nt!MiBadShareCount+0x4b
fffff980`11154160 fffff800`01e44ded : fffff900`c3055000 fffff900`0000015b fffffa80`02427010 fffff980`01216c00 : nt!MiRemoveMappedPtes+0x80e
fffff980`111542a0 fffff800`01e4466b : fffff880`036e4060 00000000`00000011 00000000`00000001 000001eb`0000036c : nt!MiRemoveFromSystemSpace+0x14d
fffff980`11154300 fffff960`001eb3c4 : fffff900`00000ab5 fffff960`000c2ad5 00000000`00000000 00000000`00000000 : nt!MmUnmapViewInSystemSpace+0x6b
fffff980`11154330 fffff960`000c35f4 : 00000000`00000576 fffff900`c3000010 00000000`00000011 00000000`00000001 : win32k!vFreeKernelSection+0x34
fffff980`11154370 fffff960`000c37d1 : fffff900`c3000010 fffff980`00000000 fffff900`c0085010 00000000`00000000 : win32k!SURFACE::bDeleteSurface+0x344
fffff980`11154450 fffff960`00086994 : ffffffff`e4050576 fffff900`c1d6a010 00000000`00000576 00000000`7efdb000 : win32k!bDeleteSurface+0x31
fffff980`11154480 fffff800`01c4d733 : fffffa80`049635a0 fffff980`11154530 00000000`03a909c0 fffff900`00000000 : win32k!NtGdiDeleteObjectApp+0x94
fffff980`111544b0 00000000`750b3cf9 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`0007ded8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x750b3cf9


STACK_COMMAND: kb

FOLLOWUP_IP:
nt!MiBadShareCount+4b
fffff800`01cc328b cc int 3

SYMBOL_STACK_INDEX: 1

SYMBOL_NAME: nt!MiBadShareCount+4b

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: nt

DEBUG_FLR_IMAGE_TIMESTAMP: 470c35b4

IMAGE_NAME: memory_corruption

FAILURE_BUCKET_ID: X64_0x4E_99_nt!MiBadShareCount+4b

BUCKET_ID: X64_0x4E_99_nt!MiBadShareCount+4b

Followup: MachineOwner



9
Microsoft (R) Windows Debugger Version 6.8.0004.0 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Windows\Minidump\Mini010308-09.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*c:\debug*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows Vista Kernel Version 6000 MP (2 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 6000.16575.amd64fre.vista_gdr.071009-1548
Kernel base = 0xfffff800`01c00000 PsLoadedModuleList = 0xfffff800`01d9af70
Debug session time: Thu Jan 3 23:18:06.888 2008 (GMT-8)
System Uptime: 0 days 0:15:33.776
Loading Kernel Symbols
.............................................................................................................................
Loading User Symbols
Loading unloaded module list
....
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 4E, {99, 111746, 4, fffffa8003345d20}



Probably caused by : memory_corruption ( nt!MiBadShareCount+4b )

Followup: MachineOwner
---------

1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

PFN_LIST_CORRUPT (4e)
Typically caused by drivers passing bad memory descriptor lists (ie: calling
MmUnlockPages twice with the same list, etc). If a kernel debugger is
available get the stack trace.
Arguments:
Arg1: 0000000000000099, A PTE or PFN is corrupt
Arg2: 0000000000111746, page frame number
Arg3: 0000000000000004, current page state
Arg4: fffffa8003345d20, 0

Debugging Details:
------------------




BUGCHECK_STR: 0x4E_99

CUSTOMER_CRASH_COUNT: 9

DEFAULT_BUCKET_ID: COMMON_SYSTEM_FAULT

PROCESS_NAME: firefox.exe

CURRENT_IRQL: 2

LAST_CONTROL_TRANSFER: from fffff80001cc328b to fffff80001c4dc90

STACK_TEXT:
fffff980`11154118 fffff800`01cc328b : 00000000`0000004e 00000000`00000099 00000000`00111746 00000000`00000004 : nt!KeBugCheckEx
fffff980`11154120 fffff800`01c8507e : ffffffff`ffffffff ed100001`11746863 fffffa80`049635a0 fffff900`c3055000 : nt!MiBadShareCount+0x4b
fffff980`11154160 fffff800`01e44ded : fffff900`c3055000 fffff900`0000015b fffffa80`02427010 fffff980`01216c00 : nt!MiRemoveMappedPtes+0x80e
fffff980`111542a0 fffff800`01e4466b : fffff880`036e4060 00000000`00000011 00000000`00000001 000001eb`0000036c : nt!MiRemoveFromSystemSpace+0x14d
fffff980`11154300 fffff960`001eb3c4 : fffff900`00000ab5 fffff960`000c2ad5 00000000`00000000 00000000`00000000 : nt!MmUnmapViewInSystemSpace+0x6b
fffff980`11154330 fffff960`000c35f4 : 00000000`00000576 fffff900`c3000010 00000000`00000011 00000000`00000001 : win32k!vFreeKernelSection+0x34
fffff980`11154370 fffff960`000c37d1 : fffff900`c3000010 fffff980`00000000 fffff900`c0085010 00000000`00000000 : win32k!SURFACE::bDeleteSurface+0x344
fffff980`11154450 fffff960`00086994 : ffffffff`e4050576 fffff900`c1d6a010 00000000`00000576 00000000`7efdb000 : win32k!bDeleteSurface+0x31
fffff980`11154480 fffff800`01c4d733 : fffffa80`049635a0 fffff980`11154530 00000000`03a909c0 fffff900`00000000 : win32k!NtGdiDeleteObjectApp+0x94
fffff980`111544b0 00000000`750b3cf9 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`0007ded8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x750b3cf9


STACK_COMMAND: kb

FOLLOWUP_IP:
nt!MiBadShareCount+4b
fffff800`01cc328b cc int 3

SYMBOL_STACK_INDEX: 1

SYMBOL_NAME: nt!MiBadShareCount+4b

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: nt

DEBUG_FLR_IMAGE_TIMESTAMP: 470c35b4

IMAGE_NAME: memory_corruption

FAILURE_BUCKET_ID: X64_0x4E_99_nt!MiBadShareCount+4b

BUCKET_ID: X64_0x4E_99_nt!MiBadShareCount+4b

Followup: MachineOwner
---------



1B
Microsoft (R) Windows Debugger Version 6.8.0004.0 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Windows\Minidump\Mini010408-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*c:\debug*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows Vista Kernel Version 6000 MP (2 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 6000.16575.amd64fre.vista_gdr.071009-1548
Kernel base = 0xfffff800`01c00000 PsLoadedModuleList = 0xfffff800`01d9af70
Debug session time: Fri Jan 4 00:09:22.816 2008 (GMT-8)
System Uptime: 0 days 0:05:34.704
Loading Kernel Symbols
..............................................................................................................................
Loading User Symbols
Loading unloaded module list
....
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 3B, {c0000005, fffff960000ed261, fffff9800d1fe9c0, 0}



Probably caused by : win32k.sys ( win32k!xxxSetParent+1d1 )

Followup: MachineOwner
---------

0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

SYSTEM_SERVICE_EXCEPTION (3b)
An exception happened while executing a system service routine.
Arguments:
Arg1: 00000000c0000005, Exception code that caused the bugcheck
Arg2: fffff960000ed261, Address of the exception record for the exception that caused the bugcheck
Arg3: fffff9800d1fe9c0, Address of the context record for the exception that caused the bugcheck
Arg4: 0000000000000000, zero.

Debugging Details:
------------------




EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.

FAULTING_IP:
win32k!xxxSetParent+1d1
fffff960`000ed261 845030 test byte ptr [rax+30h],dl

CONTEXT: fffff9800d1fe9c0 -- (.cxr 0xfffff9800d1fe9c0)
rax=0000000100000000 rbx=fffff900c0859240 rcx=0000000000000000
rdx=fffff900c0800b08 rsi=fffff900c0857b70 rdi=fffff900c0800b60
rip=fffff960000ed261 rsp=fffff9800d1ff220 rbp=0000000000000000
r8=000000000000000b r9=fffff900c0800b60 r10=fffff900c0857bc0
r11=fffffa80042db8f0 r12=0000000000000000 r13=0000000000000000
r14=000000000000003c r15=00000000040b2ae8
iopl=0 nv up ei pl nz na po nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010206
win32k!xxxSetParent+0x1d1:
fffff960`000ed261 845030 test byte ptr [rax+30h],dl ds:002b:00000001`00000030=??
Resetting default scope

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT

BUGCHECK_STR: 0x3B

PROCESS_NAME: windbg.exe

CURRENT_IRQL: 0

LAST_CONTROL_TRANSFER: from fffff960000d9dcf to fffff960000ed261

STACK_TEXT:
fffff980`0d1ff220 fffff960`000d9dcf : 00000000`00000000 fffff900`c0859240 00000000`00000000 00000000`00000000 : win32k!xxxSetParent+0x1d1
fffff980`0d1ff2c0 fffff800`01c4d733 : fffffa80`01ecb4d0 fffff980`0d1ff3a0 00000000`03ffc310 00000000`00000020 : win32k!NtUserSetParent+0xef
fffff980`0d1ff320 00000000`7735fd4a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`0025a818 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x7735fd4a


FOLLOWUP_IP:
win32k!xxxSetParent+1d1
fffff960`000ed261 845030 test byte ptr [rax+30h],dl

SYMBOL_STACK_INDEX: 0

SYMBOL_NAME: win32k!xxxSetParent+1d1

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: win32k

IMAGE_NAME: win32k.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 45d3d32c

STACK_COMMAND: .cxr 0xfffff9800d1fe9c0 ; kb

FAILURE_BUCKET_ID: X64_0x3B_win32k!xxxSetParent+1d1

BUCKET_ID: X64_0x3B_win32k!xxxSetParent+1d1

Followup: MachineOwner
---------


2b

Microsoft (R) Windows Debugger Version 6.8.0004.0 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Windows\Minidump\Mini010408-02.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*c:\debug*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows Vista Kernel Version 6000 MP (2 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 6000.16575.amd64fre.vista_gdr.071009-1548
Kernel base = 0xfffff800`01c00000 PsLoadedModuleList = 0xfffff800`01d9af70
Debug session time: Fri Jan 4 11:28:37.049 2008 (GMT-8)
System Uptime: 0 days 0:01:56.937
Loading Kernel Symbols
.............................................................................................................................
Loading User Symbols
Loading unloaded module list
....
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 50, {fffffa82029610f8, 0, fffff80001c59899, 5}


Could not read faulting driver name


Probably caused by : ntkrnlmp.exe ( nt!KiPageFault+119 )

Followup: MachineOwner
---------

1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

PAGE_FAULT_IN_NONPAGED_AREA (50)
Invalid system memory was referenced. This cannot be protected by try-except,
it must be protected by a Probe. Typically the address is just plain bad or it
is pointing at freed memory.
Arguments:
Arg1: fffffa82029610f8, memory referenced.
Arg2: 0000000000000000, value 0 = read operation, 1 = write operation.
Arg3: fffff80001c59899, If non-zero, the instruction address which referenced the bad memory
address.
Arg4: 0000000000000005, (reserved)

Debugging Details:
------------------


Could not read faulting driver name



READ_ADDRESS: GetPointerFromAddress: unable to read from fffff80001dfa0b0
fffffa82029610f8

FAULTING_IP:
nt!IoGetRelatedDeviceObject+4b
fffff800`01c59899 488b4008 mov rax,qword ptr [rax+8]

MM_INTERNAL_CODE: 5

CUSTOMER_CRASH_COUNT: 2

DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT

BUGCHECK_STR: 0x50

PROCESS_NAME: explorer.exe

CURRENT_IRQL: 0

TRAP_FRAME: fffff98000c97520 -- (.trap 0xfffff98000c97520)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=fffffa82029610f0 rbx=fffffa800456f280 rcx=fffffa80045f7d40
rdx=0000000000001fc4 rsi=0000000000000000 rdi=fffff80001ea7939
rip=fffff80001c59899 rsp=fffff98000c976b8 rbp=fffff88002f92000
r8=0000000000000009 r9=fffff88002f92000 r10=0057005c0030002e
r11=fffffa8001fce000 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei ng nz na po nc
nt!IoGetRelatedDeviceObject+0x4b:
fffff800`01c59899 488b4008 mov rax,qword ptr [rax+8] ds:fffffa82`029610f8=????????????????
Resetting default scope

LAST_CONTROL_TRANSFER: from fffff80001c53962 to fffff80001c4dc90

STACK_TEXT:
fffff980`00c97418 fffff800`01c53962 : 00000000`00000050 fffffa82`029610f8 00000000`00000000 fffff980`00c97520 : nt!KeBugCheckEx
fffff980`00c97420 fffff800`01c4c819 : 00000000`00000000 fffff880`02f92000 fffff980`00c97800 00000000`00000000 : nt!MmAccessFault+0x4c2
fffff980`00c97520 fffff800`01c59899 : fffff800`01e89b59 00000000`00000004 00000000`00000040 fffff880`000056d0 : nt!KiPageFault+0x119
fffff980`00c976b8 fffff800`01e89b59 : 00000000`00000004 00000000`00000040 fffff880`000056d0 fffffa80`02961aa0 : nt!IoGetRelatedDeviceObject+0x4b
fffff980`00c976c0 fffff800`01e897e9 : 00000000`00000004 fffffa80`0456f280 fffff880`02f92000 fffff980`00c97800 : nt!IopGetFileInformation+0x59
fffff980`00c97740 fffff800`01e89936 : fffffa80`045f7d40 00000000`00000001 00000000`00000000 fffffa80`01fce000 : nt!IopQueryNameInternal+0x319
fffff980`00c977e0 fffff800`01ea71f7 : fffff880`02f8e5a0 00000000`00000000 00000000`00000002 fffffa80`041c3b20 : nt!IopQueryName+0x26
fffff980`00c97830 fffff800`01f9ee3e : fffffa80`045f7d40 fffffa80`01fce000 fffff880`00002000 fffff980`00c97958 : nt!ObpQueryNameString+0x137
fffff980`00c97900 fffff800`01f9f075 : fffffa80`0456f280 fffffa80`0000007a fffff980`00c97a20 fffff980`00c97a00 : nt!EtwpEnumerateImages+0x7e
fffff980`00c97950 fffff800`01f7c666 : fffffa80`0456d760 fffffa80`0456f280 fffff800`01f9eeb0 fffff980`00c97a20 : nt!EtwpProcessEnumCallback+0x1c5
fffff980`00c979d0 fffff800`01f9f1a3 : fffff980`00c97af8 00000000`00000001 fffff800`01d67300 fffff800`01d67300 : nt!PsEnumProcesses+0x26
fffff980`00c97a00 fffff800`01fddb47 : 00000000`00000000 fffffa80`027a5310 00000000`00000000 fffff800`01d67370 : nt!EtwpProcessThreadImageRundown+0x33
fffff980`00c97a40 fffff800`01fef139 : 00000000`00000418 00000000`00000002 fffff800`01d67370 00000001`00000000 : nt!EtwpKernelTraceRundown+0x47
fffff980`00c97a70 fffff800`01fef1ef : fffffa80`027a5310 fffff880`02f73740 fffffa80`027a5310 00000000`00000001 : nt!EtwpUpdateLoggerGroupMasks+0x229
fffff980`00c97b60 fffff800`01fef7c2 : 00000000`00000000 00000000`00000000 00000000`00000002 00000000`00000000 : nt!EtwpStopLoggerInstance+0x4f
fffff980`00c97ba0 fffff800`01f0dd34 : 00000000`00000000 fffff980`00c97ce0 fffffa80`027a5310 ffffffff`88ca6c00 : nt!EtwpStopTrace+0x112
fffff980`00c97c30 fffff800`01ff08f5 : ffffffff`ffffffff fffffa80`0187d720 fffff800`000000b4 fffffa80`64465250 : nt! ?? ::NNGAKEGL::`string'+0x3d778
fffff980`00c97ca0 fffff800`01c59da3 : fffffa80`01fec640 fffffa80`01e59920 fffffa80`01fec600 00000000`00000000 : nt!PerfDiagpProxyWorker+0x1a5
fffff980`00c97ce0 fffff800`01ee196b : fffffa80`01e59920 002f0072`0062003c fffffa80`0187d720 003c0020`00200001 : nt!ExpWorkerThread+0x12a
fffff980`00c97d50 fffff800`01c34656 : fffff980`00a63180 fffffa80`0187d720 fffff980`00a6cc40 fffffa80`0187dbb0 : nt!PspSystemThreadStartup+0x5b
fffff980`00c97d80 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KxStartSystemThread+0x16


STACK_COMMAND: kb

FOLLOWUP_IP:
nt!KiPageFault+119
fffff800`01c4c819 85c0 test eax,eax

SYMBOL_STACK_INDEX: 2

SYMBOL_NAME: nt!KiPageFault+119

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: nt

IMAGE_NAME: ntkrnlmp.exe

DEBUG_FLR_IMAGE_TIMESTAMP: 470c35b4

FAILURE_BUCKET_ID: X64_0x50_nt!KiPageFault+119

BUCKET_ID: X64_0x50_nt!KiPageFault+119

Followup: MachineOwner
---------



3b
Microsoft (R) Windows Debugger Version 6.8.0004.0 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Windows\Minidump\Mini010408-03.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*c:\debug*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows Vista Kernel Version 6000 MP (2 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 6000.16575.amd64fre.vista_gdr.071009-1548
Kernel base = 0xfffff800`01c00000 PsLoadedModuleList = 0xfffff800`01d9af70
Debug session time: Fri Jan 4 11:30:24.586 2008 (GMT-8)
System Uptime: 0 days 0:01:18.321
Loading Kernel Symbols
............................................................................................................................
Loading User Symbols
Loading unloaded module list
.....
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck D1, {fffffa8202ce61d8, 2, 0, fffff9800061205a}



Probably caused by : ecache.sys ( ecache!EcCacheManagerPurgeCacheForDevice+86 )

Followup: MachineOwner
---------

1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: fffffa8202ce61d8, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000000, value 0 = read operation, 1 = write operation
Arg4: fffff9800061205a, address which referenced memory

Debugging Details:
------------------




READ_ADDRESS: GetPointerFromAddress: unable to read from fffff80001dfa0b0
fffffa8202ce61d8

CURRENT_IRQL: 2

FAULTING_IP:
ecache!EcCacheManagerPurgeCacheForDevice+86
fffff980`0061205a 48235308 and rdx,qword ptr [rbx+8]

CUSTOMER_CRASH_COUNT: 3

DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT

BUGCHECK_STR: 0xD1

PROCESS_NAME: Idle

TRAP_FRAME: fffff98000a4d7b0 -- (.trap 0xfffff98000a4d7b0)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000100000 rbx=0000000000000001 rcx=0000000000007fff
rdx=ffffffffffffffff rsi=fffffa80027e84b0 rdi=fffffa8002a62102
rip=fffff9800061205a rsp=fffff98000a4d940 rbp=fffffa8002a62190
r8=0000000000000103 r9=0000000000008000 r10=0000000000000001
r11=fffffa8002e77d60 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl nz ac po nc
ecache!EcCacheManagerPurgeCacheForDevice+0x86:
fffff980`0061205a 48235308 and rdx,qword ptr [rbx+8] ds:00000000`00000009=????????????????
Resetting default scope

LAST_CONTROL_TRANSFER: from fffff80001c4da33 to fffff80001c4dc90

STACK_TEXT:
fffff980`00a4d668 fffff800`01c4da33 : 00000000`0000000a fffffa82`02ce61d8 00000000`00000002 00000000`00000000 : nt!KeBugCheckEx
fffff980`00a4d670 fffff800`01c4c90b : 00000000`00000000 fffffa82`02ce61d0 00000000`0e93b100 fffff980`00a4d830 : nt!KiBugCheckDispatch+0x73
fffff980`00a4d7b0 fffff980`0061205a : 00000000`00852738 fffffa82`02ce61d0 fffffa80`02a62190 fffffa80`02e77d50 : nt!KiPageFault+0x20b
fffff980`00a4d940 fffff980`0060f42a : 00000000`00852738 fffffa80`0471a010 fffffa80`0471a010 fffff980`00551379 : ecache!EcCacheManagerPurgeCacheForDevice+0x86
fffff980`00a4d980 fffff800`01c5b9e9 : fffffa80`02a62040 00000000`00000034 fffffa80`028da120 fffffa80`0471a1bb : ecache!EcDispatchReadWriteCompletion+0x102
fffff980`00a4da20 fffff980`00bcff8f : fffffa80`02a5e060 fffffa80`02a5e060 fffffa80`02a5f560 fffffa80`04846e70 : nt!IopfCompleteRequest+0x1a9
fffff980`00a4da90 fffff800`01c5b9e9 : fffffa80`046d5010 00000000`00000000 00000000`00000000 00000000`00000000 : CLASSPNP!TransferPktComplete+0x36f
fffff980`00a4dae0 fffff980`0054ca84 : 00000000`00000000 00000000`00000000 fffffa80`027741b0 fffffa80`046d5010 : nt!IopfCompleteRequest+0x1a9
fffff980`00a4db50 fffff980`0054c8b2 : fffffa80`01b89b80 00000000`00000000 fffffa80`01b89b80 00000000`737f5ffa : ataport!IdeCompleteScsiIrp+0x60
fffff980`00a4db80 fffff980`0054eee9 : 00000000`00000001 00000000`00000000 00000000`00000000 fffff980`0453ada9 : ataport!IdeCommonCrbCompletion+0x5a
fffff980`00a4dbb0 fffff980`0054e961 : fffffa80`027551a0 00000000`00000000 fffffa80`02755050 00000000`00000001 : ataport!IdeProcessCompletedRequests+0x409
fffff980`00a4dc60 fffff800`01c50512 : 00000019`1e102b8b 00000000`34776400 00000000`00000000 fffffa80`02755050 : ataport!IdePortCompletionDpc+0x15d
fffff980`00a4dd10 fffff800`01c4fc2f : fffff980`0054e804 fffff980`00a63180 00000000`00000000 fffff980`00a6cc40 : nt!KiRetireDpcList+0x155
fffff980`00a4dd80 fffff800`01e00724 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiIdleLoop+0x5f
fffff980`00a4ddb0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemStartup+0x1d4


STACK_COMMAND: kb

FOLLOWUP_IP:
ecache!EcCacheManagerPurgeCacheForDevice+86
fffff980`0061205a 48235308 and rdx,qword ptr [rbx+8]

SYMBOL_STACK_INDEX: 3

SYMBOL_NAME: ecache!EcCacheManagerPurgeCacheForDevice+86

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: ecache

IMAGE_NAME: ecache.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 4549bcfb

FAILURE_BUCKET_ID: X64_0xD1_ecache!EcCacheManagerPurgeCacheForDevice+86

BUCKET_ID: X64_0xD1_ecache!EcCacheManagerPurgeCacheForDevice+86

Followup: MachineOwner
---------




4B
Microsoft (R) Windows Debugger Version 6.8.0004.0 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Windows\Minidump\Mini010408-04.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*c:\debug*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows Vista Kernel Version 6000 MP (2 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 6000.16575.amd64fre.vista_gdr.071009-1548
Kernel base = 0xfffff800`01c00000 PsLoadedModuleList = 0xfffff800`01d9af70
Debug session time: Fri Jan 4 11:47:00.902 2008 (GMT-8)
System Uptime: 0 days 0:15:13.806
Loading Kernel Symbols
.............................................................................................................................
Loading User Symbols
Loading unloaded module list
....
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 50, {fffffa8006416e0b, 0, fffff80001ce9a82, 2}


Could not read faulting driver name


Probably caused by : memory_corruption ( nt!MiAgeWorkingSet+2b2 )

Followup: MachineOwner
---------

0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

PAGE_FAULT_IN_NONPAGED_AREA (50)
Invalid system memory was referenced. This cannot be protected by try-except,
it must be protected by a Probe. Typically the address is just plain bad or it
is pointing at freed memory.
Arguments:
Arg1: fffffa8006416e0b, memory referenced.
Arg2: 0000000000000000, value 0 = read operation, 1 = write operation.
Arg3: fffff80001ce9a82, If non-zero, the instruction address which referenced the bad memory
address.
Arg4: 0000000000000002, (reserved)

Debugging Details:
------------------


Could not read faulting driver name



READ_ADDRESS: GetPointerFromAddress: unable to read from fffff80001dfa0b0
fffffa8006416e0b

FAULTING_IP:
nt!MiAgeWorkingSet+2b2
fffff800`01ce9a82 8a411b mov al,byte ptr [rcx+1Bh]

MM_INTERNAL_CODE: 2

CUSTOMER_CRASH_COUNT: 4

DEFAULT_BUCKET_ID: COMMON_SYSTEM_FAULT

BUGCHECK_STR: 0x50

PROCESS_NAME: svchost.exe

CURRENT_IRQL: 0

TRAP_FRAME: fffff98000c587f0 -- (.trap 0xfffff98000c587f0)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=000000000001c754 rbx=0000000000000000 rcx=fffffa8006416df0
rdx=fffff80001d9b3e0 rsi=0000000000000000 rdi=fffff80001d45bf0
rip=fffff80001ce9a82 rsp=fffff98000c58980 rbp=000000000000003d
r8=fffffa800350bf00 r9=0000000000000003 r10=000000000000001b
r11=00000000071d7000 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl zr na po nc
nt!MiAgeWorkingSet+0x2b2:
fffff800`01ce9a82 8a411b mov al,byte ptr [rcx+1Bh] ds:fffffa80`06416e0b=??
Resetting default scope

LAST_CONTROL_TRANSFER: from fffff80001c539a9 to fffff80001c4dc90

STACK_TEXT:
fffff980`00c586e8 fffff800`01c539a9 : 00000000`00000050 fffffa80`06416e0b 00000000`00000000 fffff980`00c587f0 : nt!KeBugCheckEx
fffff980`00c586f0 fffff800`01c4c819 : 00000000`00000000 fffff800`01d45b40 00000000`00000000 fffff800`01d3debd : nt!MmAccessFault+0x509
fffff980`00c587f0 fffff800`01ce9a82 : fffff700`00081488 e3e00000`2db8e867 00000003`00000000 00000000`00000001 : nt!KiPageFault+0x119
fffff980`00c58980 fffff800`01d07c77 : fffffa80`0350bf00 00000000`00000001 fffff980`00c58bb0 fffff980`00c58be0 : nt!MiAgeWorkingSet+0x2b2
fffff980`00c58b40 fffff800`01c679b7 : fffffa80`000001b1 00000000`00000002 fffff800`01d86508 00000000`00000000 : nt!MiProcessWorkingSets+0x217
fffff980`00c58bb0 fffff800`01c67782 : fffffa80`00c90900 00000000`00000001 00000000`00000004 00000000`00000008 : nt!MmWorkingSetManager+0x1d7
fffff980`00c58c10 fffff800`01ee196b : fffffa80`00c909b0 00000000`00000080 00000000`00000000 00000000`00000001 : nt!KeBalanceSetManager+0x11f
fffff980`00c58d50 fffff800`01c34656 : fffff800`01d4a980 fffffa80`00c909b0 fffff800`01d4fc80 fffff800`01d500d0 : nt!PspSystemThreadStartup+0x5b
fffff980`00c58d80 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KxStartSystemThread+0x16


STACK_COMMAND: kb

FOLLOWUP_IP:
nt!MiAgeWorkingSet+2b2
fffff800`01ce9a82 8a411b mov al,byte ptr [rcx+1Bh]

SYMBOL_STACK_INDEX: 3

SYMBOL_NAME: nt!MiAgeWorkingSet+2b2

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: nt

DEBUG_FLR_IMAGE_TIMESTAMP: 470c35b4

IMAGE_NAME: memory_corruption

FAILURE_BUCKET_ID: X64_0x50_nt!MiAgeWorkingSet+2b2

BUCKET_ID: X64_0x50_nt!MiAgeWorkingSet+2b2

Followup: MachineOwner
---------

 

[daveybrat]

So you're telling me that an Inwin Powerman 350watt power supply that sells for $20-$25 and comes with most low-end Inwin cases is fine for what he's running? I use that power supply everyday in my shop as it comes with most of my cases. It's fine for most of my low-end pc's, but i would never use it with my higher end pc's such as the op's.

 

[dclive]

Lots of different dumps over the course of a day or two, lots of different error codes, no consistency.

That's characteristic of hardware issues. Return the system to your hardware vendor so they can address the issue and replace the bad component.

 

[dclive]

Originally posted by: daveybrat
So you're telling me that an Inwin Powerman 350watt power supply that sells for $20-$25 and comes with most low-end Inwin cases is fine for what he's running? I use that power supply everyday in my shop as it comes with most of my cases. It's fine for most of my low-end pc's, but i would never use it with my higher end pc's such as the op's.

Yep, that's what I'm saying.

I don't consider the OP's a terribly high-end PC. What makes it high end? The 8800? Did you read what he's doing during crashes? The 8800 is idle, and the PSU isn't stressed.

If he's bored, sure, he can replace it, but it's vastly more likely the issue is due to CPU, motherboard, RAM combo than PSU. He isn't coming even close to stressing the PSU, not by a long shot!

Did you read those AT articles on 8800 PSU usage? You'd be surprised at how little power the 8800GTS actually requires - 300W, as I've said before, with my Q6600, worked just fine, thanks....with a LOT more hardware than the OP has.

 

[BigBabyMoses06]

So contact newegg with the issue?

 

[BigBabyMoses06]

I just tried staggering the memory, and it worked beautifully on COD4. The game however crashed, maybe 10 mins into it.

 

[BigBabyMoses06]

ok, just had another crash. Runing the two mems staged.
Was getting serveres from COD4, let it sit for 2 mins to collect servers, then bluescreen o death.

Microsoft (R) Windows Debugger Version 6.8.0004.0 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Windows\Minidump\Mini010408-05.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*c:\debug*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows Vista Kernel Version 6000 MP (2 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 6000.16575.amd64fre.vista_gdr.071009-1548
Kernel base = 0xfffff800`01c00000 PsLoadedModuleList = 0xfffff800`01d9af70
Debug session time: Fri Jan 4 22:46:41.100 2008 (GMT-8)
System Uptime: 0 days 0:56:56.988
Loading Kernel Symbols
.............................................................................................................................
Loading User Symbols
Loading unloaded module list
......
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 50, {fffff88202b1f950, 1, fffff80001ed61ed, 5}


Could not read faulting driver name


Probably caused by : ntkrnlmp.exe ( nt!FsRtlTeardownPerStreamContexts+6d )

Followup: MachineOwner
---------

0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

PAGE_FAULT_IN_NONPAGED_AREA (50)
Invalid system memory was referenced. This cannot be protected by try-except,
it must be protected by a Probe. Typically the address is just plain bad or it
is pointing at freed memory.
Arguments:
Arg1: fffff88202b1f950, memory referenced.
Arg2: 0000000000000001, value 0 = read operation, 1 = write operation.
Arg3: fffff80001ed61ed, If non-zero, the instruction address which referenced the bad memory
address.
Arg4: 0000000000000005, (reserved)

Debugging Details:
------------------


Could not read faulting driver name



WRITE_ADDRESS: GetPointerFromAddress: unable to read from fffff80001dfa0b0
fffff88202b1f950

FAULTING_IP:
nt!FsRtlTeardownPerStreamContexts+6d
fffff800`01ed61ed 48894808 mov qword ptr [rax+8],rcx

MM_INTERNAL_CODE: 5

CUSTOMER_CRASH_COUNT: 5

DEFAULT_BUCKET_ID: COMMON_SYSTEM_FAULT

BUGCHECK_STR: 0x50

PROCESS_NAME: System

CURRENT_IRQL: 0

TRAP_FRAME: fffff98000cc8800 -- (.trap 0xfffff98000cc8800)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=fffff88202b1f948 rbx=fffffa8002541010 rcx=fffff88002b1f948
rdx=0000000000000009 rsi=0000000000000000 rdi=0000000000000000
rip=fffff80001ed61ed rsp=fffff98000cc8990 rbp=fffffa8002bf2180
r8=0000000000000003 r9=fffffffffffba010 r10=0000000000000155
r11=fffff88002b1f910 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl nz na po nc
nt!FsRtlTeardownPerStreamContexts+0x6d:
fffff800`01ed61ed 48894808 mov qword ptr [rax+8],rcx ds:5c50:fffff882`02b1f950=????????????????
Resetting default scope

LAST_CONTROL_TRANSFER: from fffff80001c53962 to fffff80001c4dc90

STACK_TEXT:
fffff980`00cc86f8 fffff800`01c53962 : 00000000`00000050 fffff882`02b1f950 00000000`00000001 fffff980`00cc8800 : nt!KeBugCheckEx
fffff980`00cc8700 fffff800`01c4c819 : 00000000`00000001 00000000`00000001 00000000`00000000 00000000`00000000 : nt!MmAccessFault+0x4c2
fffff980`00cc8800 fffff800`01ed61ed : 00000000`00000000 fffff980`008a2d7e fffff880`02b1fa40 fffff880`02a5e010 : nt!KiPageFault+0x119
fffff980`00cc8990 fffff980`00944e46 : fffff880`02b1f910 fffff980`00cc8a78 00000000`00000705 fffff880`044e7900 : nt!FsRtlTeardownPerStreamContexts+0x6d
fffff980`00cc89e0 fffff980`008a2399 : fffff880`02a5e428 fffff880`02b1f7e0 00000000`00000000 fffff880`02a5e398 : Ntfs!NtfsDeleteScb+0xe6
fffff980`00cc8a20 fffff980`009472eb : fffff880`02b1f7e0 fffff880`02b1f910 fffff880`02b1f700 fffff880`02a5e398 : Ntfs!NtfsPrepareFcbForRemoval+0x89
fffff980`00cc8a70 fffff980`00893aa2 : fffffa80`02541010 fffff980`00cc8c68 fffff880`02b1fb68 fffff880`02b1f7e0 : Ntfs!NtfsTeardownStructures+0x8b
fffff980`00cc8b00 fffff980`00928213 : fffff980`00cc8c68 fffff800`01d68980 fffff880`02b1f7e0 00000000`6446744e : Ntfs!NtfsDecrementCloseCounts+0xa2
fffff980`00cc8b40 fffff980`00948647 : fffffa80`02541010 fffff880`02b1f910 fffff880`02b1f7e0 fffffa80`02bf2180 : Ntfs!NtfsCommonClose+0x333
fffff980`00cc8c10 fffff800`01c59da3 : 00000000`00000000 fffff800`01d68900 fffffa80`01fcb101 00000000`00000002 : Ntfs!NtfsFspClose+0x167
fffff980`00cc8ce0 fffff800`01ee196b : fffff980`008e5dc8 00000000`00000000 fffffa80`01889720 00000000`00000001 : nt!ExpWorkerThread+0x12a
fffff980`00cc8d50 fffff800`01c34656 : fffff980`00a63180 fffffa80`01889720 fffff980`00a6cc40 fffffa80`01889bb0 : nt!PspSystemThreadStartup+0x5b
fffff980`00cc8d80 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KxStartSystemThread+0x16


STACK_COMMAND: kb

FOLLOWUP_IP:
nt!FsRtlTeardownPerStreamContexts+6d
fffff800`01ed61ed 48894808 mov qword ptr [rax+8],rcx

SYMBOL_STACK_INDEX: 3

SYMBOL_NAME: nt!FsRtlTeardownPerStreamContexts+6d

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: nt

IMAGE_NAME: ntkrnlmp.exe

DEBUG_FLR_IMAGE_TIMESTAMP: 470c35b4

FAILURE_BUCKET_ID: X64_0x50_W_nt!FsRtlTeardownPerStreamContexts+6d

BUCKET_ID: X64_0x50_W_nt!FsRtlTeardownPerStreamContexts+6d

Followup: MachineOwner
---------

 

[dclive]

Reposting original analysis:
Lots of different dumps over the course of a day or two, lots of different error codes, no consistency.

That's characteristic of hardware issues. Return the system to your hardware vendor so they can address the issue and replace the bad component.