Another Windows 7 BSOD issue

[Dr. Seuss]

Hey guys, I've gotten these BSOD in the past 10 days and have had a bit of a look but I'm no expert, so nothing really stands out to me. If someone could have a bit of a look that would be great



Most recent BSOD.

Microsoft (R) Windows Debugger Version 6.11.0001.404 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Windows\Minidump\052910-14040-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*c:\symbols*
h t t p ://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7600 MP (8 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7600.16539.amd64fre.win7_gdr.100226-1909
Machine Name:
Kernel base = 0xfffff800`02c56000 PsLoadedModuleList = 0xfffff800`02e93e50
Debug session time: Sat May 29 22:23:58.524 2010 (GMT+10)
System Uptime: 0 days 13:00:59.507
Loading Kernel Symbols
...............................................................
................................................................
...........................
Loading User Symbols
Loading unloaded module list
.............
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck C2, {99, fffffa800d370550, 0, 0}

Probably caused by : ntkrnlmp.exe ( nt!PfSnPrefetchSections+494 )

Followup: MachineOwner
---------

2: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

BAD_POOL_CALLER (c2)
The current thread is making a bad pool request. Typically this is at a bad IRQL level or double freeing the same allocation, etc.
Arguments:
Arg1: 0000000000000099, Attempt to free pool with invalid address (or corruption in pool header)
Arg2: fffffa800d370550, Address being freed
Arg3: 0000000000000000, 0
Arg4: 0000000000000000, 0

Debugging Details:
------------------


FAULTING_IP:
nt!PfSnPrefetchSections+494
fffff800`03123374 833e00 cmp dword ptr [rsi],0

BUGCHECK_STR: 0xc2_99

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT

PROCESS_NAME: iexplore.exe

CURRENT_IRQL: 0

LAST_CONTROL_TRANSFER: from fffff800031503dc to fffff80002cc6600

STACK_TEXT:
fffff880`0b92a4e8 fffff800`031503dc : 00000000`000000c2 00000000`00000099 fffffa80`0d370550 00000000`00000000 : nt!KeBugCheckEx
fffff880`0b92a4f0 fffff800`02d7d101 : 00000000`000007ff 00000000`000000a0 fffff8a0`2a26e6d0 00000000`00000000 : nt!VerifierBugCheckIfAppropriate+0x3c
fffff880`0b92a530 fffff800`02df9698 : fffffa80`0d370540 00000000`000008c0 00000000`0000007e fffff800`02ccb7bc : nt!VerifierFreeTrackedPool+0x41
fffff880`0b92a570 fffff800`03123374 : 00000000`0000097f 00000000`00000000 fffffa80`4c506343 00000000`4c506343 : nt!ExFreePool+0xd69
fffff880`0b92a620 fffff800`0312353d : fffff880`0b92a740 00000000`00000000 00000000`00000000 00000000`00000000 : nt!PfSnPrefetchSections+0x494
fffff880`0b92a710 fffff800`0312397f : 00000069`f736a0bb fffffa80`16d7ab30 fffff8a0`2a283000 00000000`c00000ce : nt!PfSnPrefetchScenario+0x16d
fffff880`0b92a980 fffff800`02f1c11f : 00000000`00000000 00000000`f4fb5d2d fffffa80`0d44f190 00000000`00000000 : nt!PfSnBeginAppLaunch+0x35f
fffff880`0b92aa50 fffff800`02f95130 : fffffa80`0d305060 fffffa80`0d44f190 00000000`14050800 00000000`7efde000 : nt! ?? ::NNGAKEGL::`string'+0x503f0
fffff880`0b92aa80 fffff800`02ca4c35 : fffff880`009b2180 00000000`00000000 fffff800`02f95034 fffffa80`0d305060 : nt!PspUserThreadStartup+0xfc
fffff880`0b92aae0 fffff800`02ca4bb7 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiStartUserThread+0x16
fffff880`0b92ac20 00000000`77353260 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiStartUserThreadReturn
00000000`001df8d8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x77353260


STACK_COMMAND: kb

FOLLOWUP_IP:
nt!PfSnPrefetchSections+494
fffff800`03123374 833e00 cmp dword ptr [rsi],0

SYMBOL_STACK_INDEX: 4

SYMBOL_NAME: nt!PfSnPrefetchSections+494

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: nt

IMAGE_NAME: ntkrnlmp.exe

DEBUG_FLR_IMAGE_TIMESTAMP: 4b88cfeb

FAILURE_BUCKET_ID: X64_0xc2_99_nt!PfSnPrefetchSections+494

BUCKET_ID: X64_0xc2_99_nt!PfSnPrefetchSections+494

Followup: MachineOwner
---------




Second BSOD.


Microsoft (R) Windows Debugger Version 6.11.0001.404 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Windows\Minidump\052710-14632-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*c:\symbols*
h t t p ://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7600 MP (8 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7600.16539.amd64fre.win7_gdr.100226-1909
Machine Name:
Kernel base = 0xfffff800`02c64000 PsLoadedModuleList = 0xfffff800`02ea1e50
Debug session time: Thu May 27 22:31:22.459 2010 (GMT+10)
System Uptime: 0 days 0:30:52.443
Loading Kernel Symbols
...............................................................
................................................................
............................
Loading User Symbols
Loading unloaded module list
...........
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck DE, {2, fffff8a00d402b90, fffff8a00d402b91, 4ec0e8c2}

Probably caused by : ntkrnlmp.exe ( nt! ?? ::FNODOBFM::`string'+2d2a0 )

Followup: MachineOwner
---------

6: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

POOL_CORRUPTION_IN_FILE_AREA (de)
A driver corrupted pool memory used for holding pages destined for disk.
This was discovered by the memory manager when dereferencing the file.
Arguments:
Arg1: 0000000000000002
Arg2: fffff8a00d402b90
Arg3: fffff8a00d402b91
Arg4: 000000004ec0e8c2

Debugging Details:
------------------


CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT

BUGCHECK_STR: 0xDE

PROCESS_NAME: spoolsv.exe

CURRENT_IRQL: 2

LAST_CONTROL_TRANSFER: from fffff80002c793d3 to fffff80002cd4600

STACK_TEXT:
fffff880`0998ed58 fffff800`02c793d3 : 00000000`000000de 00000000`00000002 fffff8a0`0d402b90 fffff8a0`0d402b91 : nt!KeBugCheckEx
fffff880`0998ed60 fffff800`02cb9a6e : 00000000`00000000 fffffa80`0bcbca00 00000000`00000000 00000000`00000000 : nt! ?? ::FNODOBFM::`string'+0x2d2a0
fffff880`0998ee50 fffff880`012af447 : fffffa80`0b9e6c88 00000000`00000000 fffff8a0`00000000 00000000`00000000 : nt!CcPurgeCacheSection+0x172
fffff880`0998eec0 fffff880`012c8c0a : fffff880`0998f730 fffff8a0`0d3f4010 fffff8a0`0d235140 fffff880`0998f1bc : Ntfs!NtfsDeleteFile+0x57b
fffff880`0998f140 fffff880`01236aa9 : 00000000`00000000 fffff880`0112578c fffff880`0998f690 fffff880`0997e000 : Ntfs!NtfsCommonCleanup+0x15da
fffff880`0998f550 fffff800`02ce3d4a : fffff880`0998f690 00000000`00000002 fffffa80`0ce66800 fffff800`02e092dd : Ntfs!NtfsCommonCleanupCallout+0x19
fffff880`0998f580 fffff880`01236662 : fffff880`01236a90 fffff880`0998f690 fffff880`0998f900 00000000`00000000 : nt!KeExpandKernelStackAndCalloutEx+0xda
fffff880`0998f660 fffff880`012d8244 : fffff880`0998f730 fffff880`0998f730 fffff880`0998f730 00000000`00000000 : Ntfs!NtfsCommonCleanupOnNewStack+0x42
fffff880`0998f6d0 fffff880`010db23f : fffff880`0998f730 fffffa80`0b998c10 fffffa80`0b998fb0 fffffa80`0b981010 : Ntfs!NtfsFsdCleanup+0x144
fffff880`0998f940 fffff880`010d96df : fffffa80`0a7079e0 00000000`00000000 fffffa80`0a5a8600 fffffa80`0b998c10 : fltmgr!FltpLegacyProcessingAfterPreCallbacksCompleted+0x24f
fffff880`0998f9d0 fffff800`02feb9af : fffffa80`0b998c10 fffffa80`0c7e4b30 00000000`00000000 fffffa80`0a910790 : fltmgr!FltpDispatch+0xcf
fffff880`0998fa30 fffff800`02fd1604 : 00000000`00000000 fffffa80`0c7e4b30 fffffa80`0b990100 fffffa80`0a910790 : nt!IopCloseFile+0x11f
fffff880`0998fac0 fffff800`02feb4a1 : fffffa80`0c7e4b30 fffffa80`00000001 fffff8a0`01586770 00000000`00000000 : nt!ObpDecrementHandleCount+0xb4
fffff880`0998fb40 fffff800`02feb3b4 : 00000000`000007c8 fffffa80`0c7e4b30 fffff8a0`01586770 00000000`000007c8 : nt!ObpCloseHandleTableEntry+0xb1
fffff880`0998fbd0 fffff800`02cd3853 : fffffa80`0b83b060 fffff880`0998fca0 00000000`0047ec00 00000000`0047ec58 : nt!ObpCloseHandle+0x94
fffff880`0998fc20 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13


STACK_COMMAND: kb

FOLLOWUP_IP:
nt! ?? ::FNODOBFM::`string'+2d2a0
fffff800`02c793d3 cc int 3

SYMBOL_STACK_INDEX: 1

SYMBOL_NAME: nt! ?? ::FNODOBFM::`string'+2d2a0

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: nt

IMAGE_NAME: ntkrnlmp.exe

DEBUG_FLR_IMAGE_TIMESTAMP: 4b88cfeb

FAILURE_BUCKET_ID: X64_0xDE_nt!_??_::FNODOBFM::_string_+2d2a0

BUCKET_ID: X64_0xDE_nt!_??_::FNODOBFM::_string_+2d2a0

Followup: MachineOwner
---------




First BSO



Microsoft (R) Windows Debugger Version 6.11.0001.404 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Windows\Minidump\052110-13618-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*c:\symbols*
h t t p ://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7600 MP (8 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7600.16539.amd64fre.win7_gdr.100226-1909
Machine Name:
Kernel base = 0xfffff800`02c1a000 PsLoadedModuleList = 0xfffff800`02e57e50
Debug session time: Fri May 21 21:24:31.802 2010 (GMT+10)
System Uptime: 0 days 1:33:33.786
Loading Kernel Symbols
...............................................................
................................................................
...........................
Loading User Symbols
Loading unloaded module list
.......
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 1A, {5003, fffff70001080000, 6ee6, 70c50000d5cc}

Probably caused by : ntkrnlmp.exe ( nt! ?? ::FNODOBFM::`string'+21b86 )

Followup: MachineOwner
---------

0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

MEMORY_MANAGEMENT (1a)
# Any other values for parameter 1 must be individually examined.
Arguments:
Arg1: 0000000000005003, The subtype of the bugcheck.
Arg2: fffff70001080000
Arg3: 0000000000006ee6
Arg4: 000070c50000d5cc

Debugging Details:
------------------


BUGCHECK_STR: 0x1a_5003

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT

PROCESS_NAME: iexplore.exe

CURRENT_IRQL: 0

LAST_CONTROL_TRANSFER: from fffff80002cf28c6 to fffff80002c8a600

STACK_TEXT:
fffff880`0bb76a68 fffff800`02cf28c6 : 00000000`0000001a 00000000`00005003 fffff700`01080000 00000000`00006ee6 : nt!KeBugCheckEx
fffff880`0bb76a70 fffff800`02ca4f2c : fffff680`000a4ce8 fffff880`0bb76b40 00000000`00000000 ffffffff`ffffffff : nt! ?? ::FNODOBFM::`string'+0x21b86
fffff880`0bb76ac0 fffff800`02c886ee : 00000000`00000001 00000000`00000002 00000000`166a8001 00000000`14925fb0 : nt!MmAccessFault+0xc4c
fffff880`0bb76c20 00000000`6b4a7a47 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiPageFault+0x16e
00000000`02cdd580 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x6b4a7a47


STACK_COMMAND: kb

FOLLOWUP_IP:
nt! ?? ::FNODOBFM::`string'+21b86
fffff800`02cf28c6 cc int 3

SYMBOL_STACK_INDEX: 1

SYMBOL_NAME: nt! ?? ::FNODOBFM::`string'+21b86

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: nt

IMAGE_NAME: ntkrnlmp.exe

DEBUG_FLR_IMAGE_TIMESTAMP: 4b88cfeb

FAILURE_BUCKET_ID: X64_0x1a_5003_nt!_??_::FNODOBFM::_string_+21b86

BUCKET_ID: X64_0x1a_5003_nt!_??_::FNODOBFM::_string_+21b86

Followup: MachineOwner
---------


Any help would be great guys.

 

[Dr. Seuss]

..........Bump..........

 

[Route44]

From your error codes the issue is with a driver (or drivers). The problem is no specific driver or drivers were cited only Windows OS drivers which are too general and do not lead to a diagnosis.

 

[Dr. Seuss]

Thanks. Should I remove the drivers one by one and reinstall them until I run into trouble? That seems to be the method I know about to try to narrow it down.

 

[Route44]

When do the BSODs occur, i.e. are you doing anything specific or are they random? Have you scanned for infections?