locked
BSOD on Windows 7 Enterprise computers RRS feed

 > 

  • Question

  • Question
    Sign in to vote
    0
    Sign in to vote

    Hi all,

    I need help with BSOD appearing on several new computers with Windows 7 Enterprise, installed from a same image. Here's a partial output from a Memory.dmp file from one of the PCs (I can provide dump files from other PCs, but they all give almost identical information).

    2: kd> !analyze -v
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************

    IRQL_NOT_LESS_OR_EQUAL (a)
    An attempt was made to access a pageable (or completely invalid) address at an
    interrupt request level (IRQL) that is too high.  This is usually
    caused by drivers using improper addresses.
    If a kernel debugger is available get the stack backtrace.
    Arguments:
    Arg1: 00000000000000f0, memory referenced
    Arg2: 0000000000000002, IRQL
    Arg3: 0000000000000001, bitfield :
        bit 0 : value 0 = read operation, 1 = write operation
        bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
    Arg4: fffff80002cdc045, address which referenced memory

    Debugging Details:
    ------------------


    WRITE_ADDRESS:  00000000000000f0

    CURRENT_IRQL:  2

    FAULTING_IP:
    nt!KeWaitForMultipleObjects+1cd
    fffff800`02cdc045 f00fba2e07      lock bts dword ptr [rsi],7

    DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

    BUGCHECK_STR:  0xA

    PROCESS_NAME:  System

    TRAP_FRAME:  fffff88006edc750 -- (.trap 0xfffff88006edc750)
    NOTE: The trap frame does not contain all registers.
    Some register values may be zeroed or incorrect.
    rax=0000000000000000 rbx=0000000000000000 rcx=0000000000000000
    rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000
    rip=fffff80002cdc045 rsp=fffff88006edc8e0 rbp=fffffa8006b0b180
     r8=0000000000000000  r9=fffff88002f65180 r10=0000000000000002
    r11=000000000002a66f r12=0000000000000000 r13=0000000000000000
    r14=0000000000000000 r15=0000000000000000
    iopl=0         nv up ei ng nz ac pe nc
    nt!KeWaitForMultipleObjects+0x1cd:
    fffff800`02cdc045 f00fba2e07      lock bts dword ptr [rsi],7 ds:00000000`00000000=????????
    Resetting default scope

    LAST_CONTROL_TRANSFER:  from fffff80002cd9169 to fffff80002cd9bc0

    STACK_TEXT:  
    fffff880`06edc608 fffff800`02cd9169 : 00000000`0000000a 00000000`000000f0 00000000`00000002 00000000`00000001 : nt!KeBugCheckEx
    fffff880`06edc610 fffff800`02cd7de0 : 00000000`00000000 00000000`00000000 00000000`00000000 fffffa80`06b0b168 : nt!KiBugCheckDispatch+0x69
    fffff880`06edc750 fffff800`02cdc045 : fffff880`06edc9f0 fffff880`0188da35 00000000`00000000 00000000`00000000 : nt!KiPageFault+0x260
    fffff880`06edc8e0 fffff880`0188f6cd : fffffa80`00000002 fffffa80`07660f40 fffffa80`00000001 fffff880`00000000 : nt!KeWaitForMultipleObjects+0x1cd
    fffff880`06edcba0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : HDDfilter+0x36cd


    STACK_COMMAND:  kb

    FOLLOWUP_IP:
    HDDfilter+36cd
    fffff880`0188f6cd 85c0            test    eax,eax

    SYMBOL_STACK_INDEX:  4

    SYMBOL_NAME:  HDDfilter+36cd

    FOLLOWUP_NAME:  MachineOwner

    MODULE_NAME: HDDfilter

    IMAGE_NAME:  HDDfilter.sys

    DEBUG_FLR_IMAGE_TIMESTAMP:  536552cc

    FAILURE_BUCKET_ID:  X64_0xA_HDDfilter+36cd

    BUCKET_ID:  X64_0xA_HDDfilter+36cd

    Followup: MachineOwner
    ---------

    Please, let me know if I can give you additional information, which may help.

    Wednesday, December 17, 2014 3:34 PM

Answers

  • Question
    Sign in to vote
    2
    Sign in to vote

    DH

    Michael was correct   (of course) but the driver description is not certain as many manufacturers use HDDfilter.  It may be Driver Description: Sonic Solutions HDD Filter Driver (used by many different CD/DVD programs).  I would rename hddfilter.sys to hddfilter.BAK so it cannot load and see what complains.  Once you find what the offending app is you can chose to remove it or update it to current

    Wanikiya and Dyami--Team Zigzag

    • Marked as answer by Cloud_TS Monday, December 29, 2014 8:33 AM
    Thursday, December 18, 2014 12:23 PM

All replies

  • Question
    Sign in to vote
    1
    Sign in to vote

    DH

    We need the actual DMP files.

     We do need the actual log files (called a DMP files) as they contain the only record of the sequence of events leading up to the crash, what drivers were loaded, and what was responsible.  


    Please follow our instructions for finding and uploading the files we need to help you fix your computer. They can be found here
    If you have any questions about the procedure please ask

    If you are using Blue screen view, who crashed, or a similar application, don't.  They are wrong at least as often as they are correct

    Wanikiya and Dyami--Team Zigzag

    Wednesday, December 17, 2014 4:53 PM
  • Question
    Sign in to vote
    2
    Sign in to vote

    Hi dhristov,

    From the information that you attached, the BSOD here seems to be related with the hard drive(Disk Protect Driver: HDDfilter.sys, seems to be the cause).

    Please take a check to see if any drivers need to be updated, specially for the BIOS. Or you may check with the manufacurer side.

    Here is the reference about the Bugcheck information: Bug Check 0xA: IRQL_NOT_LESS_OR_EQUAL

    As Mr. Zigzag suggested, please upload the dump file here, we will check and see if more information could be found.

    Best regards

    Michael Shao
    TechNet Community Support

    Thursday, December 18, 2014 3:01 AM
  • Question
    Sign in to vote
    0
    Sign in to vote

    Here are memory.dmp files from three computers. They've been installed from one image, they have an identical hardware.

    https://www.dropbox.com/s/z78gaz6m57xwyg3/PC_A.zip?dl=0
    https://www.dropbox.com/s/lh2ukg95sgrlscd/PC_B.zip?dl=0
    https://www.dropbox.com/s/x6hj7ouve55d8z8/PC_C.zip?dl=0

    I used the WinDbg tool to view the dmp file.

    Kind Regards,

    DH


    • Edited by dhristov Thursday, December 18, 2014 8:43 AM
    Thursday, December 18, 2014 8:42 AM
  • Question
    Sign in to vote
    2
    Sign in to vote

    DH

    Michael was correct   (of course) but the driver description is not certain as many manufacturers use HDDfilter.  It may be Driver Description: Sonic Solutions HDD Filter Driver (used by many different CD/DVD programs).  I would rename hddfilter.sys to hddfilter.BAK so it cannot load and see what complains.  Once you find what the offending app is you can chose to remove it or update it to current

    Wanikiya and Dyami--Team Zigzag

    • Marked as answer by Cloud_TS Monday, December 29, 2014 8:33 AM
    Thursday, December 18, 2014 12:23 PM
  • Question
    Sign in to vote
    0
    Sign in to vote
    It turned out to be the Lenovo Active Protection System - version 1.0.0.17. The new version does fix this, so it's ok now.
    Wednesday, January 14, 2015 2:00 PM