Sign in with
Sign up | Sign in
Your question
Solved

Blue Screen Error: Please help me decipher my MEMORY.DMP

Last response: in Windows 7
Share
February 20, 2014 3:01:58 PM

I've been getting blue screens on my PC about every other day, and I've been trying to figure out what's causing the problem. I've tried to do some of the troubleshooting, but it's all a bit much for me. I was hoping someone on these forums could help!

I've copied the MEMORY.DMP and !analyze -v into the spoilers below. I see some error messages, but I'm not sure what to make of them. Any advice would be appreciated! Here's a list of my computer hardware: http://pcpartpicker.com/b/Mlj.

MEMORY.DMP:
Spoiler

Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [D:\MEMORY.DMP]
Kernel Summary Dump File: Only kernel address space is available

Symbol search path is: *** Invalid ***
****************************************************************************
* Symbol loading may be unreliable without a symbol search path. *
* Use .symfix to have the debugger choose a symbol path. *
* After setting your symbol path, use .reload to refresh symbol locations. *
****************************************************************************
Executable search path is:
*********************************************************************
* Symbols can not be loaded because symbol path is not initialized. *
* *
* The Symbol Path can be set by: *
* using the _NT_SYMBOL_PATH environment variable. *
* using the -y <symbol_path> argument when starting the debugger. *
* using .sympath and .sympath+ *
*********************************************************************
*** ERROR: Symbol file could not be found. Defaulted to export symbols for ntkrnlmp.exe -
Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.18247.amd64fre.win7sp1_gdr.130828-1532
Machine Name:
Kernel base = 0xfffff800`0344c000 PsLoadedModuleList = 0xfffff800`0368f6d0
Debug session time: Thu Feb 20 16:47:05.849 2014 (UTC - 6:00)
System Uptime: 0 days 8:31:57.269
*********************************************************************
* Symbols can not be loaded because symbol path is not initialized. *
* *
* The Symbol Path can be set by: *
* using the _NT_SYMBOL_PATH environment variable. *
* using the -y <symbol_path> argument when starting the debugger. *
* using .sympath and .sympath+ *
*********************************************************************
*** ERROR: Symbol file could not be found. Defaulted to export symbols for ntkrnlmp.exe -
Loading Kernel Symbols
...............................................................
................................................................
...............................................................
Loading User Symbols
PEB is paged out (Peb.Ldr = 00000000`7efdf018). Type ".hh dbgerr001" for details
Loading unloaded module list
..................
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck D1, {40, 2, 0, fffff88006ac43c0}

*** ERROR: Module load completed but symbols could not be loaded for cfosspeed6.sys
*** ERROR: Module load completed but symbols could not be loaded for ndis.sys
*** ERROR: Module load completed but symbols could not be loaded for pacer.sys
*** ERROR: Module load completed but symbols could not be loaded for tcpip.sys
*** ERROR: Module load completed but symbols could not be loaded for Ntfs.sys
*** ERROR: Module load completed but symbols could not be loaded for fltmgr.sys
***** Kernel symbols are WRONG. Please fix symbols to do analysis.

*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
Probably caused by : cfosspeed6.sys ( cfosspeed6+a93c0 )

Followup: MachineOwner
---------

!analyze -v:
Spoiler


0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: 0000000000000040, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000000, value 0 = read operation, 1 = write operation
Arg4: fffff88006ac43c0, address which referenced memory

Debugging Details:
------------------

***** Kernel symbols are WRONG. Please fix symbols to do analysis.

*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************

ADDITIONAL_DEBUG_TEXT:
Use '!findthebuild' command to search for the target build information.
If the build information is available, run '!findthebuild -s ; .reload' to set symbol path and load symbols.

FAULTING_MODULE: fffff8000344c000 nt

DEBUG_FLR_IMAGE_TIMESTAMP: 4e11bdbb

READ_ADDRESS: unable to get nt!MmSpecialPoolStart
unable to get nt!MmSpecialPoolEnd
unable to get nt!MmPoolCodeStart
unable to get nt!MmPoolCodeEnd
0000000000000040

CURRENT_IRQL: 0

FAULTING_IP:
cfosspeed6+a93c0
fffff880`06ac43c0 488b00 mov rax,qword ptr [rax]

DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT

BUGCHECK_STR: 0xD1

LAST_CONTROL_TRANSFER: from fffff800034c1169 to fffff800034c1bc0

STACK_TEXT:
fffff800`00ba18d8 fffff800`034c1169 : 00000000`0000000a 00000000`00000040 00000000`00000002 00000000`00000000 : nt!KeBugCheckEx
fffff800`00ba18e0 fffff800`034bfde0 : fffffa80`063396b0 fffff880`06a2482a 00000000`00000100 fffffa80`04757ac0 : nt!KeSynchronizeExecution+0x3d39
fffff800`00ba1a20 fffff880`06ac43c0 : fffff800`00ba1bd0 fffff800`00ba1bd0 00000000`00000000 00000000`00000000 : nt!KeSynchronizeExecution+0x29b0
fffff800`00ba1bb0 fffff880`06ac3300 : fffffa80`047662e0 fffff800`00ba1cf0 fffff800`00ba1cd8 00000000`00000000 : cfosspeed6+0xa93c0
fffff800`00ba1c10 fffff880`0167b4d4 : fffffa80`047662e0 fffffa80`0ab6b030 fffffa80`00000000 fffffa80`00000000 : cfosspeed6+0xa8300
fffff800`00ba1df0 fffff880`068db199 : 3fffc000`00000000 fffffa80`046851a0 00000000`00000000 fffff880`06b003dd : ndis+0x24d4
fffff800`00ba1e30 fffff880`0167b419 : 00000000`0000006e fffff800`0340ab7f 00000000`00000100 fffff880`06a1f0e7 : pacer+0x1199
fffff800`00ba1f30 fffff880`017375d5 : 00000000`001e0900 00000000`00000000 fffffa80`046851a0 fffff880`011135ad : ndis+0x2419
fffff800`00ba1f90 fffff880`0185f5ae : 00000000`00000000 00000000`0000000e fffffa80`0480aba0 fffffa80`039dfb50 : ndis+0xbe5d5
fffff800`00ba1ff0 fffff880`0185d1a7 : fffff880`0196e9a0 00000000`00000000 fffffa80`04710000 fffffa80`01960800 : tcpip+0x5e5ae
fffff800`00ba2110 fffff880`0185ebd5 : 00000000`00000000 00000000`00000000 fffffa80`0601b080 fffffa80`0412cb1c : tcpip+0x5c1a7
fffff800`00ba21d0 fffff880`0185de5e : fffffa80`0412cb06 fffff800`00ba2500 00000000`00000014 fffffa80`00000000 : tcpip+0x5dbd5
fffff800`00ba22f0 fffff880`0186077e : 00000000`00000000 fffff880`01903507 fffffa80`0a603b00 fffffa80`0a5af520 : tcpip+0x5ce5e
fffff800`00ba2490 fffff880`019320c0 : fffffa80`0a603b00 00000000`00000004 00000000`00000004 fffffa80`0a603b00 : tcpip+0x5f77e
fffff800`00ba24d0 fffff880`018bf126 : 00000000`00000000 fffff880`01887ad8 00000000`00000000 fffffa80`0a603b00 : tcpip+0x1310c0
fffff800`00ba2640 fffff880`01888166 : 00000000`00000000 00000000`00000000 00000000`00000d20 00000000`002edef6 : tcpip+0xbe126
fffff800`00ba2720 fffff800`034cc85c : fffff800`00ba2848 fffff800`0014199b 00000000`0000ffff 00000000`00000001 : tcpip+0x87166
fffff800`00ba27a0 fffff800`034cc6f6 : fffffa80`068eb578 fffffa80`068eb578 00000000`00000000 00000000`00000000 : nt!KeReleaseMutant+0xb2c
fffff800`00ba2810 fffff800`034cc5de : 00000047`84eb1700 fffff800`00ba2e88 00000000`001e0b93 fffff800`036404e8 : nt!KeReleaseMutant+0x9c6
fffff800`00ba2e60 fffff800`034cc3c7 : fffff800`0363cec3 fffff800`001e0b93 fffffa80`03e9b050 00000000`00000093 : nt!KeReleaseMutant+0x8ae
fffff800`00ba2f00 fffff800`034c4d15 : 00000000`00000000 fffffa80`0664eb50 00000000`00000000 fffff880`0110ff78 : nt!KeReleaseMutant+0x697
fffff800`00ba2fb0 fffff800`034c4b2c : fffffa80`038d4000 fffff800`0340d895 fffff800`03433460 fffff880`1090fb10 : nt!KeWaitForMultipleObjects+0xe95
fffff880`1090fa50 fffff800`0350cb53 : fffff800`034be140 fffff800`034be1ac 00000000`00000001 fffff800`03645e80 : nt!KeWaitForMultipleObjects+0xcac
fffff880`1090fa80 fffff800`034be1ac : 00000000`00000001 fffff800`03645e80 fffffa80`a937e010 00000000`00000400 : nt!IoFreeErrorLogEntry+0x8a3
fffff880`1090fa90 fffff800`035f3230 : 00000000`00000001 fffff880`1090fc80 00000000`00000000 fffff880`10910260 : nt!KeSynchronizeExecution+0xd7c
fffff880`1090fc20 fffff800`035f5f26 : fffff800`036526c0 00000000`00000082 00000000`00000000 fffff800`0361f8f0 : nt!ExDeleteNPagedLookasideList+0x5440
fffff880`1090fd60 fffff800`034a8d52 : ffffffff`00000000 fffff800`03645e00 fffff880`1090f500 fffffa80`00000001 : nt!ExAllocatePoolWithTag+0x316
fffff880`1090fe50 fffff800`034a8dd3 : fffffa80`06353810 fffff800`038209c8 fffffa80`03acd710 fffff880`01249ab5 : nt!bsearch+0x632
fffff880`1090fe80 fffff800`034d825b : 00000000`00000001 fffffa80`04381960 fffffa80`04381960 fffffa80`09a7a4f0 : nt!bsearch+0x6b3
fffff880`1090feb0 fffff800`034d6f8f : 00000000`00000000 00000000`0000000e 00000000`00000000 00000000`00000001 : nt!RtlCopyUnicodeString+0x5ab
fffff880`1090ff70 fffff800`037bebc2 : 00000000`00000001 00000000`03c00400 fffff880`109100c8 fffff880`109100c0 : nt!KeReleaseGuardedMutex+0x18ef
fffff880`10910000 fffff880`012dbfd2 : 00000000`00000000 00000000`00000000 00000000`00000002 00000000`0000000e : nt!CcMapData+0xd2
fffff880`109100c0 fffff880`012d7b4c : fffffa80`03acd710 fffffa80`04282180 fffff8a0`0c70fa98 00000000`00000001 : Ntfs+0xabfd2
fffff880`10910170 fffff880`0123ffa2 : 00000000`00000000 fffff8a0`0c70fcb0 fffffa80`03acd710 fffff800`034ccfc5 : Ntfs+0xa7b4c
fffff880`10910200 fffff880`012e7a05 : fffffa80`03acd710 fffff8a0`0c70fbc0 00000000`00000010 fffff880`109103d0 : Ntfs+0xffa2
fffff880`10910370 fffff880`012e39f8 : fffffa80`03acd710 fffff8a0`0c70fbc0 fffffa80`038d4000 fffffa80`09a7a4f0 : Ntfs+0xb7a05
fffff880`10910430 fffff880`012483fc : fffffa80`03acd710 fffffa80`09a7a4f0 00000000`00000024 00000000`00000010 : Ntfs+0xb39f8
fffff880`10910540 fffff880`01245dbc : 00000000`00000000 fffff880`10910780 00000000`00000000 00000000`00000000 : Ntfs+0x183fc
fffff880`109105a0 fffff880`01246e73 : fffffa80`03acd710 fffffa80`6e14a010 fffff880`10910701 fffff880`10910700 : Ntfs+0x15dbc
fffff880`10910750 fffff880`01002bcf : fffffa80`6e14a320 fffffa80`6e14a010 fffffa80`9b348d30 00000000`00000001 : Ntfs+0x16e73
fffff880`10910810 fffff880`010016df : fffffa80`041b3a30 00000000`00000001 fffffa80`041b3a00 fffffa80`6e14a010 : fltmgr+0x2bcf
fffff880`109108a0 fffff800`037cb17b : 00000000`00000001 fffffa80`09a7a4f0 00000000`00000001 fffffa80`6e14a010 : fltmgr+0x16df
fffff880`10910900 fffff800`037d5b83 : fffffa80`6e14a368 00000000`00000000 fffffa80`09a7a4f0 fffff800`0363ce80 : nt!NtCreateFile+0x31f
fffff880`10910970 fffff800`034c0e53 : 00000000`74992401 00000000`00000000 00000000`00000000 00000000`00000000 : nt!NtWriteFile+0x7e3
fffff880`10910a70 00000000`74992e09 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KeSynchronizeExecution+0x3a23
00000000`0e15ea98 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x74992e09


STACK_COMMAND: kb

FOLLOWUP_IP:
cfosspeed6+a93c0
fffff880`06ac43c0 488b00 mov rax,qword ptr [rax]

SYMBOL_STACK_INDEX: 3

SYMBOL_NAME: cfosspeed6+a93c0

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: cfosspeed6

IMAGE_NAME: cfosspeed6.sys

BUCKET_ID: WRONG_SYMBOLS

Followup: MachineOwner
---------

a b $ Windows 7
February 20, 2014 3:36:08 PM

Have you tried uninstalling cFosSpeed? Evidently it is an internet acceleration program. Look for it under Programs and Features in Control Panel.
m
0
l

Best solution

a b $ Windows 7
February 20, 2014 3:39:29 PM

Have you tried uninstalling cFosSpeed? Evidently it is an internet acceleration program. Look for it under Programs and Features in Control Panel.
Share
Related resources
February 23, 2014 8:03:42 PM

kenrivers said:
Have you tried uninstalling cFosSpeed? Evidently it is an internet acceleration program. Look for it under Programs and Features in Control Panel.


Yes I did, and I think that did it! No Blue Screen for 2 days :) 
m
0
l
February 23, 2014 8:20:55 PM

The problem is solved, but I find it important to note most (read all) download accelerator programs are trouble. They won't help and are prone to making things worse. Avoid them.
m
0
l
!