locked
Random BSOD RRS feed

  • Question

  • I have been trying to get this solved for some time now, but with little success.

    I have a jcgriff2 report, but I do not know how to upload it here.

    Any assistance would be greatly appreciated.

    Thanks

    Fred

    Sunday, February 12, 2012 10:59 PM

Answers

  • Hi Juke

    Thanks for your detailed response.

    I beleive I have found the issue, and my info , may assist others.

    The issue is the Realtek High Definition Audio device and the associated realtek driver MBfilt64.sys

    I have an Asus G53SW with Win 7 64bit

    When I disbale this device through device manager, under sound video and game controllers, and the try to enable, I get BSOD.

    Action I have taken;

    1. Go to C:\windows\system32\drivers\  find the file MBfilt64.sys and rename to MBfilt64.old

    2. Open device manager, by typing "device manager' in the Start search programs and file. 

    3. Under sound video and game controllers, I selected Reaktek High Definition Audio.  I disbaled the device by right click select "disable". Then right click on it again, and select properties > driver tab > unistall driver (advanced) > check delete driver software for this device.

    4. I then restarted. Windows 7 reinstalls Realtek Audio, with Microsoft drivers (I presume), as the driver MBfilt64.sys is no longer in the drivers folder.

    So far no more BSOD.

    Hope this helps and I will repost if this do not solve my BSOD.

    Again, thanks for your help Juke.

    Cheers

    Fred

    • Marked as answer by fredbv Thursday, February 23, 2012 8:23 AM
    Thursday, February 23, 2012 8:23 AM

All replies

  • Better to take it to the originator of the scanner for help Fred: http://www.techsupportforum.com/forums/f299/
    Monday, February 13, 2012 4:56 AM
  • Hello,

    Please use Microsoft Skydrive to upload dump files (c:\windows\minidump). Once done, post a link here.

    If you want to debug dump files by yourself, refer to that: http://support.microsoft.com/kb/315263

    You can also contact Microsoft CSS for assistance.



    This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.   

    Microsoft Student Partner 2010 / 2011
    Microsoft Certified Professional
    Microsoft Certified Systems Administrator: Security
    Microsoft Certified Systems Engineer: Security
    Microsoft Certified Technology Specialist: Windows Server 2008 Active Directory, Configuration
    Microsoft Certified Technology Specialist: Windows Server 2008 Network Infrastructure, Configuration
    Microsoft Certified Technology Specialist: Windows Server 2008 Applications Infrastructure, Configuration
    Microsoft Certified Technology Specialist: Windows 7, Configuring
    Microsoft Certified Technology Specialist: Designing and Providing Volume Licensing Solutions to Large Organizations
    Microsoft Certified IT Professional: Enterprise Administrator
    Microsoft Certified IT Professional: Server Administrator
    Microsoft Certified Trainer

    Monday, February 13, 2012 8:14 PM
  • Hi Mr X

    Here is the link to the zip file containing the minidump files:

    https://skydrive.live.com/embed?cid=30288E1EA0E65A7B&resid=30288E1EA0E65A7B%21117&authkey=AK06puW5Dxo9EnA

    Thanks for your assistance.

    Fred

    Monday, February 13, 2012 9:07 PM
  • Hi,

    After examing the dump file, I find the bugcheck code is 0x0000001A. This indicates that a severe memory management error occurred.

    The following actions might prevent an error like this from happening again:
     1.Download and install updates and device drivers for your computer from Windows Update.
     2.Scan your computer for computer viruses.
     3.Check your hard disk for errors.


    Juke Chou

    TechNet Community Support

    Tuesday, February 14, 2012 8:11 AM
  • I see 3 dumpfiles:

    0xA IRQL_NOT_LESS_OR_EQUAL, Usual causes:  Kernel mode driver, System Service, BIOS, Windows, Virus scanner, Backup tool, compatibility
    0x1A MEMORY_MANAGEMENT, Usual causes:  Device driver, memory, kernel

    0xD1 DRIVER_IRQL_NOT_LESS_OR_EQUAL, Usual causes:  Device driver

    4 drivers loaded that I consider need updating as being likely culprits (there are several others that are less likely):

    ASMMAP64.sys, LENOVO ATK Hotkey ATK0101 ACPI UTILITY http://www-307.ibm.com/pc/support/site.wss/homeLenovo.do (predates W7's release)

    GEARAspiWDM.sys CD-ROM Class Filter Driver by Gear Software Also comes with iTunes http://www.gearsoftware.com (predates W7's release)

    FLxHCIc.sys Fresco Logic xHCI (USB3) Device Driver OEM driver - from the motherboard maker?

    atkwmiacpi64.sys ASUS ACPI utility

    2 of the dumps appear to have USB implicated, 1 has Carbonite as running (backup over USB(3)?). All 3 could have been caused by poor power management, possibly because of a buggy BIOS.

    Hardware, esp. memory, hard drive, PSU and motherboard also need testing as they could be part of this. Any hardware error will trigger driver and software errors, usually at random.

    /end of amateur interpretation - more details on circumstances might help clarify, or rule out, some or all of my guesswork.

    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************

    Use !analyze -v to get detailed debugging information.

    BugCheck D1, {10, 2, 0, fffff880095499ea}

    Probably caused by : hidusb.sys ( hidusb!HumReadCompletion+22 )

    Followup: MachineOwner
    ---------

    0: kd> !analyze -v
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************

    DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
    An attempt was made to access a pageable (or completely invalid) address at an
    interrupt request level (IRQL) that is too high.  This is usually
    caused by drivers using improper addresses.
    If kernel debugger is available get stack backtrace.
    Arguments:
    Arg1: 0000000000000010, memory referenced
    Arg2: 0000000000000002, IRQL
    Arg3: 0000000000000000, value 0 = read operation, 1 = write operation
    Arg4: fffff880095499ea, address which referenced memory

    Debugging Details:
    ------------------


    READ_ADDRESS: GetPointerFromAddress: unable to read from fffff800024cb100
     0000000000000010

    CURRENT_IRQL:  2

    FAULTING_IP:
    hidusb!HumReadCompletion+22
    fffff880`095499ea 488b6810        mov     rbp,qword ptr [rax+10h]

    CUSTOMER_CRASH_COUNT:  1

    DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

    BUGCHECK_STR:  0xD1

    PROCESS_NAME:  System

    TRAP_FRAME:  fffff800020ba5e0 -- (.trap 0xfffff800020ba5e0)
    NOTE: The trap frame does not contain all registers.
    Some register values may be zeroed or incorrect.
    rax=0000000000000000 rbx=0000000000000000 rcx=fffffa8010215470
    rdx=fffff9800ef9cbd0 rsi=0000000000000000 rdi=0000000000000000
    rip=fffff880095499ea rsp=fffff800020ba770 rbp=fffffa800e01de00
     r8=fffffa800e01de00  r9=0000000000000000 r10=fffff9800ef9cbd0
    r11=fffff800020ba908 r12=0000000000000000 r13=0000000000000000
    r14=0000000000000000 r15=0000000000000000
    iopl=0         nv up ei pl zr na po nc
    hidusb!HumReadCompletion+0x22:
    fffff880`095499ea 488b6810        mov     rbp,qword ptr [rax+10h] ds:9b10:00000000`00000010=????????????????
    Resetting default scope

    LAST_CONTROL_TRANSFER:  from fffff800022981e9 to fffff80002298c40

    STACK_TEXT:  
    fffff800`020ba498 fffff800`022981e9 : 00000000`0000000a 00000000`00000010 00000000`00000002 00000000`00000000 : nt!KeBugCheckEx
    fffff800`020ba4a0 fffff800`02296e60 : fffffa80`0fdaa5d0 fffff880`09548e0b fffffa80`0fe74b90 fffff980`0ef9cf70 : nt!KiBugCheckDispatch+0x69
    fffff800`020ba5e0 fffff880`095499ea : 00000000`00000000 fffff800`0274040a fffff980`0ef9cf70 fffffa80`0ea13010 : nt!KiPageFault+0x260
    fffff800`020ba770 fffff800`027405d6 : fffff980`0ef9cf70 fffffa80`0e01de00 fffff800`020ba960 fffff980`0ef9cbd0 : hidusb!HumReadCompletion+0x22
    fffff800`020ba7c0 fffff800`0229c021 : fffff980`0ef9cf73 00000000`00000000 00000000`00000000 fffff800`02355803 : nt!IovpLocalCompletionRoutine+0x166
    fffff800`020ba820 fffff800`0273819f : fffff980`0ef9cbd0 fffffa80`0f804300 fffffa80`0ed8b000 00000000`00000000 : nt!IopfCompleteRequest+0x341
    fffff800`020ba910 fffff880`03fa8631 : fffffa80`0ed8b050 fffffa80`0e01de02 00000000`00000002 fffffa80`0ed8b050 : nt!IovCompleteRequest+0x19f
    fffff800`020ba9e0 fffff880`03fa8b0f : fffffa80`10ce0002 fffff980`0ef9cbd0 00000000`ffffffff fffffa80`0ed8beb0 : USBPORT!USBPORT_Core_iCompleteDoneTransfer+0xa15
    fffff800`020baac0 fffff880`03fa666f : fffffa80`0ed8beb0 fffffa80`0ed8b1a0 fffffa80`0ed8c050 00000000`00000000 : USBPORT!USBPORT_Core_iIrpCsqCompleteDoneTransfer+0x3a7
    fffff800`020bab20 fffff880`03f97f89 : fffffa80`0ed8b050 00000000`00000000 fffffa80`0ed8be02 fffffa80`0ed8beb0 : USBPORT!USBPORT_Core_UsbIocDpc_Worker+0xf3
    fffff800`020bab60 fffff800`022a40ac : fffff800`0240ee80 fffffa80`0ed8beb0 fffffa80`0ed8bec8 00000000`00000000 : USBPORT!USBPORT_Xdpc_Worker+0x1d9
    fffff800`020bab90 fffff800`0229096a : fffff800`0240ee80 fffff800`0241ccc0 00000000`00000000 fffff880`03f97db0 : nt!KiRetireDpcList+0x1bc
    fffff800`020bac40 00000000`00000000 : fffff800`020bb000 fffff800`020b5000 fffff800`020bac00 00000000`00000000 : nt!KiIdleLoop+0x5a


    STACK_COMMAND:  kb

    FOLLOWUP_IP:
    hidusb!HumReadCompletion+22
    fffff880`095499ea 488b6810        mov     rbp,qword ptr [rax+10h]

    SYMBOL_STACK_INDEX:  3

    SYMBOL_NAME:  hidusb!HumReadCompletion+22

    FOLLOWUP_NAME:  MachineOwner

    MODULE_NAME: hidusb

    IMAGE_NAME:  hidusb.sys

    DEBUG_FLR_IMAGE_TIMESTAMP:  4ce7a665

    FAILURE_BUCKET_ID:  X64_0xD1_hidusb!HumReadCompletion+22

    BUCKET_ID:  X64_0xD1_hidusb!HumReadCompletion+22

    Followup: MachineOwner
    ---------



    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************

    Use !analyze -v to get detailed debugging information.

    BugCheck A, {fffff8a008b5e9b0, 2, 1, fffff800022ca224}

    Probably caused by : memory_corruption ( nt!MiWaitForInPageComplete+328 )

    Followup: MachineOwner
    ---------

    0: kd> !analyze -v
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************

    IRQL_NOT_LESS_OR_EQUAL (a)
    An attempt was made to access a pageable (or completely invalid) address at an
    interrupt request level (IRQL) that is too high.  This is usually
    caused by drivers using improper addresses.
    If a kernel debugger is available get the stack backtrace.
    Arguments:
    Arg1: fffff8a008b5e9b0, memory referenced
    Arg2: 0000000000000002, IRQL
    Arg3: 0000000000000001, bitfield :
        bit 0 : value 0 = read operation, 1 = write operation
        bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
    Arg4: fffff800022ca224, address which referenced memory

    Debugging Details:
    ------------------


    WRITE_ADDRESS: GetPointerFromAddress: unable to read from fffff800024cd100
     fffff8a008b5e9b0

    CURRENT_IRQL:  2

    FAULTING_IP:
    nt!MiWaitForInPageComplete+328
    fffff800`022ca224 f00fba6b1000    lock bts dword ptr [rbx+10h],0

    CUSTOMER_CRASH_COUNT:  1

    DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

    BUGCHECK_STR:  0xA

    PROCESS_NAME:  CarboniteServi

    TRAP_FRAME:  fffff8800bc1c2d0 -- (.trap 0xfffff8800bc1c2d0)
    NOTE: The trap frame does not contain all registers.
    Some register values may be zeroed or incorrect.
    rax=0000000000000002 rbx=0000000000000000 rcx=0000000000000000
    rdx=fffffa8008315520 rsi=0000000000000000 rdi=0000000000000000
    rip=fffff800022ca224 rsp=fffff8800bc1c460 rbp=00000000002bcbd1
     r8=0000000000000000  r9=0000000000000000 r10=0000058000000000
    r11=00000000c0000434 r12=0000000000000000 r13=0000000000000000
    r14=0000000000000000 r15=0000000000000000
    iopl=0         nv up ei ng nz na po cy
    nt!MiWaitForInPageComplete+0x328:
    fffff800`022ca224 f00fba6b1000    lock bts dword ptr [rbx+10h],0 ds:00000000`00000010=????????
    Resetting default scope

    LAST_CONTROL_TRANSFER:  from fffff8000229a1e9 to fffff8000229ac40

    STACK_TEXT:  
    fffff880`0bc1c188 fffff800`0229a1e9 : 00000000`0000000a fffff8a0`08b5e9b0 00000000`00000002 00000000`00000001 : nt!KeBugCheckEx
    fffff880`0bc1c190 fffff800`02298e60 : fffffa80`10b73700 fffff800`0272c301 0000000a`00000000 fffff8a0`08b5e9a0 : nt!KiBugCheckDispatch+0x69
    fffff880`0bc1c2d0 fffff800`022ca224 : 00000000`00000000 fffffa80`08363730 ffffffff`ffffffff 00000000`00000002 : nt!KiPageFault+0x260
    fffff880`0bc1c460 fffff800`02289cd3 : fffffa80`0de3d760 00000000`00000000 00000000`00000000 00000000`000001a0 : nt!MiWaitForInPageComplete+0x328
    fffff880`0bc1c540 fffff800`02584e10 : 00000000`00000000 00000000`001a05d1 fffffa80`0e5eb220 00000000`06165e00 : nt!CcFetchDataForRead+0x1c3
    fffff880`0bc1c5a0 fffff880`012f1f08 : fffff880`00000000 00000000`00000001 fffffa80`0001fa2f fffffa80`00010001 : nt!CcCopyRead+0x180
    fffff880`0bc1c660 fffff880`0110d098 : fffffa80`0e5eb220 fffffa80`0df56908 fffffa80`115f0c30 fffffa80`0e5eb201 : Ntfs!NtfsCopyReadA+0x1a8
    fffff880`0bc1c840 fffff880`011108ba : fffff880`0bc1c910 00000000`06165e03 00000000`06165e00 fffffa80`0e5eb200 : fltmgr!FltpPerformFastIoCall+0x88
    fffff880`0bc1c8a0 fffff880`0112e630 : fffffa80`0e5eb220 00000000`00000000 fffff880`0bc1ca00 00000000`00010000 : fltmgr!FltpPassThroughFastIo+0xda
    fffff880`0bc1c8e0 fffff800`02584949 : fffffa80`0e5eb220 fffffa80`00000001 fffffa80`0cda5de0 fffffa80`0e5eb220 : fltmgr!FltpFastIoRead+0x1d0
    fffff880`0bc1c980 fffff800`02299ed3 : 00000000`0000049c 00000000`00000000 00000000`00000000 00000000`00000000 : nt!NtReadFile+0x417
    fffff880`0bc1ca70 00000000`7759137a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
    00000000`05a0b218 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x7759137a


    STACK_COMMAND:  kb

    FOLLOWUP_IP:
    nt!MiWaitForInPageComplete+328
    fffff800`022ca224 f00fba6b1000    lock bts dword ptr [rbx+10h],0

    SYMBOL_STACK_INDEX:  3

    SYMBOL_NAME:  nt!MiWaitForInPageComplete+328

    FOLLOWUP_NAME:  MachineOwner

    MODULE_NAME: nt

    DEBUG_FLR_IMAGE_TIMESTAMP:  4e02aaa3

    IMAGE_NAME:  memory_corruption

    FAILURE_BUCKET_ID:  X64_0xA_nt!MiWaitForInPageComplete+328

    BUCKET_ID:  X64_0xA_nt!MiWaitForInPageComplete+328

    Followup: MachineOwner
    ---------


    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************

    Use !analyze -v to get detailed debugging information.

    BugCheck 1A, {411, fffff6fc50000778, 80f0000174d67882, fffff6fc50000579}

    Probably caused by : ntkrnlmp.exe ( nt! ?? ::FNODOBFM::`string'+6061 )

    Followup: MachineOwner
    ---------

    4: kd> !analyze -v
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************

    MEMORY_MANAGEMENT (1a)
        # Any other values for parameter 1 must be individually examined.
    Arguments:
    Arg1: 0000000000000411, The subtype of the bugcheck.
    Arg2: fffff6fc50000778
    Arg3: 80f0000174d67882
    Arg4: fffff6fc50000579

    Debugging Details:
    ------------------


    BUGCHECK_STR:  0x1a_411

    CUSTOMER_CRASH_COUNT:  1

    DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

    PROCESS_NAME:  iexplore.exe

    CURRENT_IRQL:  2

    TRAP_FRAME:  fffff8800a596810 -- (.trap 0xfffff8800a596810)
    NOTE: The trap frame does not contain all registers.
    Some register values may be zeroed or incorrect.
    rax=fffff8a0000ef000 rbx=0000000000000000 rcx=000000000000033c
    rdx=0000000000100000 rsi=0000000000000000 rdi=0000000000000000
    rip=fffff8000257d077 rsp=fffff8800a5969a0 rbp=fffff8800a596b00
     r8=fffff8a00e76f000  r9=0000000000000000 r10=fffff8000257d370
    r11=fffff8800a596ad8 r12=0000000000000000 r13=0000000000000000
    r14=0000000000000000 r15=0000000000000000
    iopl=0         nv up ei ng nz na po nc
    nt!ObReferenceObjectByHandleWithTag+0xe7:
    fffff800`0257d077 488b03          mov     rax,qword ptr [rbx] ds:6a20:00000000`00000000=????????????????
    Resetting default scope

    LAST_CONTROL_TRANSFER:  from fffff8000226396d to fffff80002286c40

    STACK_TEXT:  
    fffff880`0a5964b8 fffff800`0226396d : 00000000`0000001a 00000000`00000411 fffff6fc`50000778 80f00001`74d67882 : nt!KeBugCheckEx
    fffff880`0a5964c0 fffff800`022b8001 : 80f00001`74d67882 fffff6fc`50000778 0000007f`fffffff8 fffff880`0a5965c0 : nt! ?? ::FNODOBFM::`string'+0x6061
    fffff880`0a596510 fffff800`022a47ef : 00000000`00000000 00000000`02cedfb8 00000000`02cedfb8 fffff800`024bc5c0 : nt!MiResolveTransitionFault+0x381
    fffff880`0a5965a0 fffff800`022949db : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!MiDispatchFault+0x95f
    fffff880`0a5966b0 fffff800`02284d6e : 00000000`00000000 fffff8a0`000efcf0 00000017`00000000 fffff8a0`000efcf0 : nt!MmAccessFault+0xe1b
    fffff880`0a596810 fffff800`0257d077 : 00000c5a`00000000 00000000`00000000 00000006`02cee900 00000000`00000044 : nt!KiPageFault+0x16e
    fffff880`0a5969a0 fffff800`0257d405 : 00000000`00000000 fffff800`00100000 00000000`00000000 00000000`00000001 : nt!ObReferenceObjectByHandleWithTag+0xe7
    fffff880`0a596a70 fffff800`02285ed3 : fffffa80`0dfe5060 00000000`0000033c 00000000`00000000 00000000`00000000 : nt!NtWaitForSingleObject+0x95
    fffff880`0a596ae0 00000000`74ec2e09 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
    00000000`02cee928 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x74ec2e09


    STACK_COMMAND:  kb

    FOLLOWUP_IP:
    nt! ?? ::FNODOBFM::`string'+6061
    fffff800`0226396d cc              int     3

    SYMBOL_STACK_INDEX:  1

    SYMBOL_NAME:  nt! ?? ::FNODOBFM::`string'+6061

    FOLLOWUP_NAME:  MachineOwner

    MODULE_NAME: nt

    IMAGE_NAME:  ntkrnlmp.exe

    DEBUG_FLR_IMAGE_TIMESTAMP:  4e02aaa3

    FAILURE_BUCKET_ID:  X64_0x1a_411_nt!_??_::FNODOBFM::_string_+6061

    BUCKET_ID:  X64_0x1a_411_nt!_??_::FNODOBFM::_string_+6061

    Followup: MachineOwner
    ---------

    Thanks are due to jcgriff2 and his hard-working team for the tools needed to extract the data and for making available the resources used to try to interpret it. Any and all errors are my own.

    • Marked as answer by fredbv Thursday, February 23, 2012 8:06 AM
    • Unmarked as answer by fredbv Thursday, February 23, 2012 8:06 AM
    Tuesday, February 14, 2012 12:07 PM
  • Hi Juke

    Thanks for your detailed response.

    I beleive I have found the issue, and my info , may assist others.

    The issue is the Realtek High Definition Audio device and the associated realtek driver MBfilt64.sys

    I have an Asus G53SW with Win 7 64bit

    When I disbale this device through device manager, under sound video and game controllers, and the try to enable, I get BSOD.

    Action I have taken;

    1. Go to C:\windows\system32\drivers\  find the file MBfilt64.sys and rename to MBfilt64.old

    2. Open device manager, by typing "device manager' in the Start search programs and file. 

    3. Under sound video and game controllers, I selected Reaktek High Definition Audio.  I disbaled the device by right click select "disable". Then right click on it again, and select properties > driver tab > unistall driver (advanced) > check delete driver software for this device.

    4. I then restarted. Windows 7 reinstalls Realtek Audio, with Microsoft drivers (I presume), as the driver MBfilt64.sys is no longer in the drivers folder.

    So far no more BSOD.

    Hope this helps and I will repost if this do not solve my BSOD.

    Again, thanks for your help Juke.

    Cheers

    Fred

    • Marked as answer by fredbv Thursday, February 23, 2012 8:23 AM
    Thursday, February 23, 2012 8:23 AM