locked
blue screen, windows 7 RRS feed

  • Question

  • Two BSODs happened within a month, up to now I'm clueless as to what caused the Blue screens. Here are the two minidumps:

     

    http://cid-fd48b4aea53fd40c.office.live.com/self.aspx/.Public/071910-19765-01.dmp

    http://cid-fd48b4aea53fd40c.office.live.com/self.aspx/.Public/081610-19983-01.dmp

    Any help would be very much appreciated

     

    Wednesday, August 18, 2010 2:12 AM

Answers

  • You may boot in Clean Boot Mode as BSOD can be caused by programs that are running in kernel mode.

    Perform a clean startup to determine whether background programs are interfering with your game or program

    If the issue persists in Clean Boot Mode you can try to check the driver signature. To do so, in Start Search box enter sigverif.exe. Then click the start button in “File Signature Verification”. In the result list, please pick up *.sys files, rename one of them and then shut down or restart to check if the issue still occurs. If the issue persists, rename another *.sys file listed in the result of driver signature verifying, and check result again. By doing so we can determine which un-singed driver is the root cause.

    Another way is enable muni-dump and use Windbg. Please refer:

    How to read the small memory dump files that Windows creates for debugging

    You may paste the result in your next post for analyzing.

    Meantime I suggest you upgrade your BIOS with the latest update.


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread. ”
    • Marked as answer by Arthur Xie Friday, August 27, 2010 9:27 AM
    Friday, August 20, 2010 3:43 AM

All replies

  • It appears that this was caused by a memory violation by the driver
    avipbb.sys. Based on what I am finding on Google, this is the driver
    used by an antivirus distributed by Avira. You might try updating this
    AV, and if the error persists uninstall the AV and use a free AV like
    Microsoft Security Essentials,
     
     
    *******************************************************************************
    *
          *
    *                        Bugcheck Analysis
          *
    *
          *
    *******************************************************************************
     
    KERNEL_MODE_EXCEPTION_NOT_HANDLED_M (1000008e)
    This is a very common bugcheck.  Usually the exception address pinpoints
    the driver/function that caused the problem.  Always note this address
    as well as the link date of the driver/image that contains this address.
    Some common problems are exception code 0x80000003.  This means a hard
    coded breakpoint or assertion was hit, but this system was booted
    /NODEBUG.  This is not supposed to happen as developers should never have
    hardcoded breakpoints in retail code, but ...
    If this happens, make sure a debugger gets connected, and the
    system is booted /DEBUG.  This will let us see why this breakpoint is
    happening.
    Arguments:
    Arg1: c0000005, The exception code that was not handled
    Arg2: 8e3c4dbe, The address that the exception occurred at
    Arg3: ba9a94a0, Trap Frame
    Arg4: 00000000
     
    Debugging Details:
    ------------------
     EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx
    referenced memory at 0x%08lx. The memory could not be %s.
     
    FAULTING_IP:
    avipbb+3dbe
    8e3c4dbe 8b4804          mov     ecx,dword ptr [eax+4]
     
    TRAP_FRAME:  ba9a94a0 -- (.trap 0xffffffffba9a94a0)
    ErrCode = 00000000
    eax=00000000 ebx=ba9a9560 ecx=bb99e348 edx=00000000 esi=69425641
    edi=95939600
    eip=8e3c4dbe esp=ba9a9514 ebp=ba9a953c iopl=0         nv up ei pl nz ac
    pe nc
    cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000
    efl=00010216
    avipbb+0x3dbe:
    8e3c4dbe 8b4804          mov     ecx,dword ptr [eax+4]
    ds:0023:00000004=????????
    Resetting default scope
     
    CUSTOMER_CRASH_COUNT:  1
     
    DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT
     
    BUGCHECK_STR:  0x8E
     
    PROCESS_NAME:  iexplore.exe
     
    CURRENT_IRQL:  0
     
    LAST_CONTROL_TRANSFER:  from 8305c278 to 8e3c4dbe
     
    STACK_TEXT:
    WARNING: Stack unwind information not available. Following frames may be
    wrong.
    ba9a953c 8305c278 857ca618 000011a4 009a9560 avipbb+0x3dbe
    ba9a95f4 8305b563 857ca330 017ca618 ba9a9650 nt!PspInsertThread+0x5be
    ba9a9d00 82e4844a 07f2fb4c 07f2fb50 02000000 nt!NtCreateUserProcess+0x742
    ba9a9d00 772164f4 07f2fb4c 07f2fb50 02000000 nt!KiFastCallEntry+0x12a
    07f2fad4 00000000 00000000 00000000 00000000 0x772164f4
     STACK_COMMAND:  kb
     
    FOLLOWUP_IP:
    avipbb+3dbe
    8e3c4dbe 8b4804          mov     ecx,dword ptr [eax+4]
     
    SYMBOL_STACK_INDEX:  0
     
    SYMBOL_NAME:  avipbb+3dbe
     
    FOLLOWUP_NAME:  MachineOwner
     
    MODULE_NAME: avipbb
     
    IMAGE_NAME:  avipbb.sys
     
    DEBUG_FLR_IMAGE_TIMESTAMP:  4b879d56
     
    FAILURE_BUCKET_ID:  0x8E_avipbb+3dbe
     
    BUCKET_ID:  0x8E_avipbb+3dbe
     
    Followup: MachineOwner
    ---------
     
    0: kd> .trap 0xffffffffba9a94a0
    ErrCode = 00000000
    eax=00000000 ebx=ba9a9560 ecx=bb99e348 edx=00000000 esi=69425641
    edi=95939600
    eip=8e3c4dbe esp=ba9a9514 ebp=ba9a953c iopl=0         nv up ei pl nz ac
    pe nc
    cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000
    efl=00010216
    avipbb+0x3dbe:
    8e3c4dbe 8b4804          mov     ecx,dword ptr [eax+4]
    ds:0023:00000004=????????
    0: kd> kv
      *** Stack trace for last set context - .thread/.cxr resets it
    ChildEBP RetAddr  Args to Child
    WARNING: Stack unwind information not available. Following frames may be
    wrong.
    ba9a953c 8305c278 857ca618 000011a4 009a9560 avipbb+0x3dbe
    ba9a95f4 8305b563 857ca330 017ca618 ba9a9650 nt!PspInsertThread+0x5be
    ba9a9d00 82e4844a 07f2fb4c 07f2fb50 02000000 nt!NtCreateUserProcess+0x742
    ba9a9d00 772164f4 07f2fb4c 07f2fb50 02000000 nt!KiFastCallEntry+0x12a
    (FPO: [0,3] TrapFrame @ ba9a9d34)
    07f2fad4 00000000 00000000 00000000 00000000 0x772164f4
     
    *******************************************************************************
    *
          *
    *                        Bugcheck Analysis
          *
    *
          *
    *******************************************************************************
     
    KERNEL_MODE_EXCEPTION_NOT_HANDLED_M (1000008e)
    This is a very common bugcheck.  Usually the exception address pinpoints
    the driver/function that caused the problem.  Always note this address
    as well as the link date of the driver/image that contains this address.
    Some common problems are exception code 0x80000003.  This means a hard
    coded breakpoint or assertion was hit, but this system was booted
    /NODEBUG.  This is not supposed to happen as developers should never have
    hardcoded breakpoints in retail code, but ...
    If this happens, make sure a debugger gets connected, and the
    system is booted /DEBUG.  This will let us see why this breakpoint is
    happening.
    Arguments:
    Arg1: c0000005, The exception code that was not handled
    Arg2: 8e5a0dbe, The address that the exception occurred at
    Arg3: 855f34a0, Trap Frame
    Arg4: 00000000
     
    Debugging Details:
    ------------------
     EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx
    referenced memory at 0x%08lx. The memory could not be %s.
     
    FAULTING_IP:
    avipbb+3dbe
    8e5a0dbe 8b4804          mov     ecx,dword ptr [eax+4]
     
    TRAP_FRAME:  855f34a0 -- (.trap 0xffffffff855f34a0)
    ErrCode = 00000000
    eax=00000000 ebx=855f3560 ecx=b8f73d00 edx=00000000 esi=69425641
    edi=b102dbb8
    eip=8e5a0dbe esp=855f3514 ebp=855f353c iopl=0         nv up ei pl nz ac
    pe nc
    cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000
    efl=00010216
    avipbb+0x3dbe:
    8e5a0dbe 8b4804          mov     ecx,dword ptr [eax+4]
    ds:0023:00000004=????????
    Resetting default scope
     
    CUSTOMER_CRASH_COUNT:  1
     
    DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT
     
    BUGCHECK_STR:  0x8E
     
    PROCESS_NAME:  iexplore.exe
     
    CURRENT_IRQL:  0
     
    LAST_CONTROL_TRANSFER:  from 830ac2c6 to 8e5a0dbe
     
    STACK_TEXT:
    WARNING: Stack unwind information not available. Following frames may be
    wrong.
    855f353c 830ac2c6 853dd4c0 00001574 005f3560 avipbb+0x3dbe
    855f35f4 830ab5af 85765a60 013dd4c0 855f3650 nt!PspInsertThread+0x5c0
    855f3d00 82e9844a 0491fcd8 0491fcdc 02000000 nt!NtCreateUserProcess+0x742
    855f3d00 77bb64f4 0491fcd8 0491fcdc 02000000 nt!KiFastCallEntry+0x12a
    0491fc60 00000000 00000000 00000000 00000000 0x77bb64f4
     STACK_COMMAND:  kb
     
    FOLLOWUP_IP:
    avipbb+3dbe
    8e5a0dbe 8b4804          mov     ecx,dword ptr [eax+4]
     
    SYMBOL_STACK_INDEX:  0
     
    SYMBOL_NAME:  avipbb+3dbe
     
    FOLLOWUP_NAME:  MachineOwner
     
    MODULE_NAME: avipbb
     
    IMAGE_NAME:  avipbb.sys
     
    DEBUG_FLR_IMAGE_TIMESTAMP:  4b879d56
     
    FAILURE_BUCKET_ID:  0x8E_avipbb+3dbe
     
    BUCKET_ID:  0x8E_avipbb+3dbe
     
    Followup: MachineOwner
    ---------
     

    -- Mike Burr
    • Proposed as answer by Andre.Ziegler Friday, August 20, 2010 1:10 PM
    Wednesday, August 18, 2010 6:38 PM
  • @ Mike : What do you use to extract the information from the memory dump files ? I have endless memory dumps arising on the same kind of machines in my enterprise environment and need to have it looked at. It would be very helpful if you can tell what do you use so I can find the common similarity between our work machines on Win 7 platform.

    Cheers


    "Do it yourself, before you think someone else will" - Mani Babbar - 18.08.10
    Wednesday, August 18, 2010 9:41 PM
  • Open it with WinDbg.exe:

    http://www.microsoft.com/whdc/devtools/debugging/default.mspx


    "A programmer is just a tool which converts caffeine into code" CLIP- Stellvertreter http://www.winvistaside.de/
    Wednesday, August 18, 2010 10:40 PM
  • You may boot in Clean Boot Mode as BSOD can be caused by programs that are running in kernel mode.

    Perform a clean startup to determine whether background programs are interfering with your game or program

    If the issue persists in Clean Boot Mode you can try to check the driver signature. To do so, in Start Search box enter sigverif.exe. Then click the start button in “File Signature Verification”. In the result list, please pick up *.sys files, rename one of them and then shut down or restart to check if the issue still occurs. If the issue persists, rename another *.sys file listed in the result of driver signature verifying, and check result again. By doing so we can determine which un-singed driver is the root cause.

    Another way is enable muni-dump and use Windbg. Please refer:

    How to read the small memory dump files that Windows creates for debugging

    You may paste the result in your next post for analyzing.

    Meantime I suggest you upgrade your BIOS with the latest update.


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread. ”
    • Marked as answer by Arthur Xie Friday, August 27, 2010 9:27 AM
    Friday, August 20, 2010 3:43 AM
  • Andre is right, WinDbg is usually the best tool to use for these, here
    is a KB that describes the process partially,
     
     

    -- Mike Burr
    Friday, August 20, 2010 3:22 PM