Please help with BSOD

#1
Hi all please can anyone help me with this issue of random crashes .... please see debug file analysis below ....


Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.

Loading Dump File [C:\Windows\Minidump\091013-26145-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 7601.18205.amd64fre.win7sp1_gdr.130708-1532
Machine Name:
Kernel base = 0xfffff800`02a06000 PsLoadedModuleList = 0xfffff800`02c496d0
Debug session time: Tue Sep 10 18:47:33.249 2013 (UTC + 1:00)
System Uptime: 0 days 0:24:35.122
Loading Kernel Symbols
...............................................................
................................................................
.............
Loading User Symbols
Loading unloaded module list
.........
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck C4, {91, 0, fffffa80036bf060, 0}
Probably caused by : ntkrnlmp.exe ( nt! ?? ::FNODOBFM::`string'+4884 )
Followup: MachineOwner
---------
3: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
DRIVER_VERIFIER_DETECTED_VIOLATION (c4)
A device driver attempting to corrupt the system has been caught. This is
because the driver was specified in the registry as being suspect (by the
administrator) and the kernel has enabled substantial checking of this driver.
If the driver attempts to corrupt the system, bugchecks 0xC4, 0xC1 and 0xA will
be among the most commonly seen crashes.
Arguments:
Arg1: 0000000000000091, A driver switched stacks using a method that is not supported by
the operating system. The only supported way to extend a kernel
mode stack is by using KeExpandKernelStackAndCallout.
Arg2: 0000000000000000
Arg3: fffffa80036bf060
Arg4: 0000000000000000
Debugging Details:
------------------

BUGCHECK_STR: 0xc4_91
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
PROCESS_NAME: svchost.exe
CURRENT_IRQL: 0
EXCEPTION_RECORD: fffff88008db4b78 -- (.exr 0xfffff88008db4b78)
ExceptionAddress: 0000000076f403ba
ExceptionCode: 80000004 (Single step exception)
ExceptionFlags: 00000000
NumberParameters: 0
TRAP_FRAME: fffff88008db4210 -- (.trap 0xfffff88008db4210)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=000007ffffff0000 rbx=0000000000000000 rcx=00000000000005b8
rdx=0000000002d503e8 rsi=0000000000000000 rdi=0000000000000000
rip=fffff80002ab66f4 rsp=fffff88008db43a0 rbp=fffff88008db48d0
r8=0000000002d50300 r9=fffff88008db43d0 r10=fffff88008db43d0
r11=fffff88008db4390 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei ng nz na po cy
nt!KiDispatchException+0x348:
fffff800`02ab66f4 418a06 mov al,byte ptr [r14] ds:00000000`00000000=??
Resetting default scope
LAST_CONTROL_TRANSFER: from fffff80002ad24ea to fffff80002a7bb80
STACK_TEXT:
fffff880`08db3268 fffff800`02ad24ea : 00000000`000000c4 00000000`00000091 00000000`00000000 fffffa80`036bf060 : nt!KeBugCheckEx
fffff880`08db3270 fffff800`02aa5153 : 00000000`00000000 fffff800`02d66f07 fffff880`00000003 fffffa80`02f44210 : nt! ?? ::FNODOBFM::`string'+0x4884
fffff880`08db32b0 fffff800`02ab64e1 : fffff880`08db4168 fffff880`08db3ec0 fffff880`08db4210 00000000`003710b0 : nt!RtlDispatchException+0x33
fffff880`08db3990 fffff800`02a7b202 : fffff880`08db4168 fffff880`08db4b78 fffff880`08db4210 fffff880`08db4c20 : nt!KiDispatchException+0x135
fffff880`08db4030 fffff800`02a79d7a : 00000000`00000000 00000000`02d4fe30 fffff880`08db4600 fffff880`08db4b78 : nt!KiExceptionDispatch+0xc2
fffff880`08db4210 fffff800`02ab66f4 : fffff880`08db4b78 fffff880`08db48d0 fffff880`08db4c20 00000000`003710b0 : nt!KiPageFault+0x23a
fffff880`08db43a0 fffff800`02a7b202 : fffff880`08db4b78 00000000`76ff45e8 fffff880`08db4c20 00000000`76ff45c0 : nt!KiDispatchException+0x348
fffff880`08db4a40 fffff800`02a78ba2 : fffffa80`036bf060 00000000`76ff45c0 00000000`00000000 00000000`00000000 : nt!KiExceptionDispatch+0xc2
fffff880`08db4c20 00000000`76f403ba : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiDebugTrapOrFault+0x1a2
00000000`02d503e8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x76f403ba

STACK_COMMAND: kb
FOLLOWUP_IP:
nt! ?? ::FNODOBFM::`string'+4884
fffff800`02ad24ea cc int 3
SYMBOL_STACK_INDEX: 1
SYMBOL_NAME: nt! ?? ::FNODOBFM::`string'+4884
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 51db806a
FAILURE_BUCKET_ID: X64_0xc4_91_nt!_??_::FNODOBFM::_string_+4884
BUCKET_ID: X64_0xc4_91_nt!_??_::FNODOBFM::_string_+4884
Followup: MachineOwner
---------
 


#2
Am trying to upload the files you request in FAQ but it wont let me upload a rar file type ??
 


#3
Ok so I've changed the file extention to .txt so it will let me upload please rename to .rar in order to see the files .... really appreciate if some one cast an expert eye in my direction .... cheers
 


Attachments

Pauli

Extraordinary Member
Premium Supporter
#4
You could try a registry cleaning / fix with CCleaner, or Free Window Registry Repair, http://www.regsofts.com/free_registry_repair/registry_repair.htm

In fact, the problem could be caused by many issues. I can't get your txt to show in clear text. Please, just send the dmp file as it is.

If it is a recent problem, you could try to locate it by time, and use a restoration point before the problem occurred. Hardware changes?
 


#5
Hi Pauli .... if you want to see the files just rename the .txt extention to .rar as this site wont allow upload of rar files for some reason. Ive tried all the restorepoints etc and also reinstalled the machine from scratch. Was hoping someone on here knew how to read and diagnose the dump files ...
 


Pauli

Extraordinary Member
Premium Supporter
#6
I'm bound to think it is an issue of video card drivers, you could try to update them, or downdate them. Also, this kind of problems have been noticed when running 32-bit programs together with 64-bit ones. The use of a restoration point might not be the worst of ideas. Perhaps the most important thing could be to scratch your head, in order to figure when the problems started? No offense here, ;).
 


#7
None taken Pauli ! .... I was under the impression there where folks on here that could interpret and pin point exact issue based on the files posted ...... I done all the usual generic clean-ups driver updates etc ..... no worries I will look elsewhere .... thanks
 


This website is not affiliated, owned, or endorsed by Microsoft Corporation. It is a member of the Microsoft Partner Program.