I need help analyzing my minidump; my computer freezes when idle. I have debugged, defragged, updated drivers with Driver Booster, scanned for malware, changed antivirus, and run memtest 5 times through with no errors.
Loading Dump File [C:\Windows\Minidump\070814-22308-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\debug_symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (2 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 7601.18409.amd64fre.win7sp1_gdr.140303-2144
Machine Name:
Kernel base = 0xfffff800`0320f000 PsLoadedModuleList = 0xfffff800`03452890
Debug session time: Tue Jul 8 15:27:07.581 2014 (UTC - 5:00)
System Uptime: 0 days 0:57:24.189
Loading Kernel Symbols
...............................................................
................................................................
............................................
Loading User Symbols
Loading unloaded module list
....
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck C4, {91, 0, fffffa800b900ac0, 0}
Probably caused by : ntkrnlmp.exe ( nt! ?? ::FNODOBFM::`string'+4884 )
Followup: MachineOwner
---------
1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
DRIVER_VERIFIER_DETECTED_VIOLATION (c4)
A device driver attempting to corrupt the system has been caught. This is
because the driver was specified in the registry as being suspect (by the
administrator) and the kernel has enabled substantial checking of this driver.
If the driver attempts to corrupt the system, bugchecks 0xC4, 0xC1 and 0xA will
be among the most commonly seen crashes.
Arguments:
Arg1: 0000000000000091, A driver switched stacks using a method that is not supported by
the operating system. The only supported way to extend a kernel
mode stack is by using KeExpandKernelStackAndCallout.
Arg2: 0000000000000000
Arg3: fffffa800b900ac0
Arg4: 0000000000000000
Debugging Details:
------------------
BUGCHECK_STR: 0xc4_91
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
PROCESS_NAME: Monitor.exe
CURRENT_IRQL: 0
EXCEPTION_RECORD: fffff8800779cbd8 -- (.exr 0xfffff8800779cbd8)
ExceptionAddress: fffff8000327b7d3 (nt!memmove+0x0000000000000223)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 0000000000000000
Parameter[1]: 0000000000000001
Attempt to read from address 0000000000000001
TRAP_FRAME: fffff8800779cc80 -- (.trap 0xfffff8800779cc80)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=fffff8800779ceb0 rbx=0000000000000000 rcx=fffff8800779ceb0
rdx=0000077ff8863151 rsi=0000000000000000 rdi=0000000000000000
rip=fffff8000327b7d3 rsp=fffff8800779ce18 rbp=fffff8800779d460
r8=0000000000000001 r9=0000000000000000 r10=fffff8800779cf60
r11=fffff8800779ceb0 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei ng nz na pe nc
nt!memmove+0x223:
fffff800`0327b7d3 8a040a mov al,byte ptr [rdx+rcx] ds:00000000`00000001=??
Resetting default scope
LAST_CONTROL_TRANSFER: from fffff800032db4fa to fffff80003284bc0
STACK_TEXT:
fffff880`0779bcd8 fffff800`032db4fa : 00000000`000000c4 00000000`00000091 00000000`00000000 fffffa80`0b900ac0 : nt!KeBugCheckEx
fffff880`0779bce0 fffff800`032ae153 : 00191919`00191919 00191919`00191919 00191919`00000002 00191919`00191919 : nt! ?? ::FNODOBFM::`string'+0x4884
fffff880`0779bd20 fffff800`032bf4c1 : fffff880`0779cbd8 fffff880`0779c930 fffff880`0779cc80 fffff880`0779cec0 : nt!RtlDispatchException+0x33
fffff880`0779c400 fffff800`03284242 : fffff880`0779cbd8 00000000`00000000 fffff880`0779cc80 00000000`00000001 : nt!KiDispatchException+0x135
fffff880`0779caa0 fffff800`03282dba : 00000000`00000000 00000000`00000001 00000000`00000200 00000000`00000000 : nt!KiExceptionDispatch+0xc2
fffff880`0779cc80 fffff800`0327b7d3 : fffff800`0325b2d0 00000000`00000000 00000000`00000000 fffff8a0`0439b140 : nt!KiPageFault+0x23a
fffff880`0779ce18 fffff800`0325b2d0 : 00000000`00000000 00000000`00000000 fffff8a0`0439b140 00000000`00000200 : nt!memmove+0x223
fffff880`0779ce20 fffff800`0325b520 : fffff880`0779cec0 fffffa80`00000001 fffff880`0779cec0 fffff880`0779d700 : nt!KiOpFetchBytes+0x30
fffff880`0779ce50 fffff800`032bf2b7 : fffff880`0779d708 00000000`00000001 fffff880`0779ceb8 00000000`00000000 : nt!KiOpDecode+0x68
fffff880`0779cea0 fffff800`032bf47c : fffff880`0779d708 fffff880`0779d7b0 fffff880`0779d7b0 fffff880`0779d504 : nt!KiPreprocessFault+0x53
fffff880`0779cf30 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiDispatchException+0xf0
STACK_COMMAND: kb
FOLLOWUP_IP:
nt! ?? ::FNODOBFM::`string'+4884
fffff800`032db4fa cc int 3
SYMBOL_STACK_INDEX: 1
SYMBOL_NAME: nt! ?? ::FNODOBFM::`string'+4884
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 531590fb
FAILURE_BUCKET_ID: X64_0xc4_91_nt!_??_::FNODOBFM::_string_+4884
BUCKET_ID: X64_0xc4_91_nt!_??_::FNODOBFM::_string_+4884
Followup: MachineOwner
---------
2nd crash:
Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Windows\Minidump\070814-34367-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\debug_symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (2 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 7601.18409.amd64fre.win7sp1_gdr.140303-2144
Machine Name:
Kernel base = 0xfffff800`03214000 PsLoadedModuleList = 0xfffff800`03457890
Debug session time: Tue Jul 8 14:28:38.230 2014 (UTC - 5:00)
System Uptime: 0 days 1:57:59.822
Loading Kernel Symbols
...............................................................
................................................................
...........................................
Loading User Symbols
Loading unloaded module list
....
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck F4, {3, fffffa800b460960, fffffa800b460c40, fffff8000358f270}
Unable to load image \SystemRoot\system32\drivers\aswSP.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for aswSP.sys
*** ERROR: Module load completed but symbols could not be loaded for aswSP.sys
Probably caused by : csrss.exe
Followup: MachineOwner
---------
1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
CRITICAL_OBJECT_TERMINATION (f4)
A process or thread crucial to system operation has unexpectedly exited or been
terminated.
Several processes and threads are necessary for the operation of the
system; when they are terminated (for any reason), the system can no
longer function.
Arguments:
Arg1: 0000000000000003, Process
Arg2: fffffa800b460960, Terminating object
Arg3: fffffa800b460c40, Process image file name
Arg4: fffff8000358f270, Explanatory message (ascii)
Debugging Details:
------------------
PROCESS_OBJECT: fffffa800b460960
IMAGE_NAME: csrss.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 0
MODULE_NAME: csrss
FAULTING_MODULE: 0000000000000000
PROCESS_NAME: csrss.exe
EXCEPTION_CODE: (HRESULT) 0x80000003 (2147483651) - One or more arguments are invalid
BUGCHECK_STR: 0xF4_80000003
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
CURRENT_IRQL: 0
STACK_TEXT:
fffff880`0327fa78 fffff800`03617ab2 : 00000000`000000f4 00000000`00000003 fffffa80`0b460960 fffffa80`0b460c40 : nt!KeBugCheckEx
fffff880`0327fa80 fffff800`035c2abb : ffffffff`ffffffff fffffa80`0bae3620 fffffa80`0b460960 fffffa80`0b460960 : nt!PspCatchCriticalBreak+0x92
fffff880`0327fac0 fffff800`03541f04 : ffffffff`ffffffff 00000000`00000001 fffffa80`0b460960 00000000`00000008 : nt! ?? ::NNGAKEGL::`string'+0x17486
fffff880`0327fb10 fffff880`04410d66 : fffffa80`0b460960 00000000`80000003 00000000`80000003 00000000`0177f670 : nt!NtTerminateProcess+0xf4
fffff880`0327fb90 fffffa80`0b460960 : 00000000`80000003 00000000`80000003 00000000`0177f670 00000009`00000002 : aswSP+0x10d66
fffff880`0327fb98 00000000`80000003 : 00000000`80000003 00000000`0177f670 00000009`00000002 ffffffff`00000000 : 0xfffffa80`0b460960
fffff880`0327fba0 00000000`80000003 : 00000000`0177f670 00000009`00000002 ffffffff`00000000 ffffffff`ffffffff : 0x80000003
fffff880`0327fba8 00000000`0177f670 : 00000009`00000002 ffffffff`00000000 ffffffff`ffffffff 000007fe`80000003 : 0x80000003
fffff880`0327fbb0 00000009`00000002 : ffffffff`00000000 ffffffff`ffffffff 000007fe`80000003 00000000`00000000 : 0x177f670
fffff880`0327fbb8 ffffffff`00000000 : ffffffff`ffffffff 000007fe`80000003 00000000`00000000 fffff800`03288e53 : 0x9`00000002
fffff880`0327fbc0 ffffffff`ffffffff : 000007fe`80000003 00000000`00000000 fffff800`03288e53 fffff880`0327fbb0 : 0xffffffff`00000000
fffff880`0327fbc8 000007fe`80000003 : 00000000`00000000 fffff800`03288e53 fffff880`0327fbb0 fffffa80`0bae3620 : 0xffffffff`ffffffff
fffff880`0327fbd0 00000000`00000000 : fffff800`03288e53 fffff880`0327fbb0 fffffa80`0bae3620 00000000`0177f670 : 0x7fe`80000003
STACK_COMMAND: kb
FOLLOWUP_NAME: MachineOwner
FAILURE_BUCKET_ID: X64_0xF4_80000003_IMAGE_csrss.exe
BUCKET_ID: X64_0xF4_80000003_IMAGE_csrss.exe
Followup: MachineOwner
---------
THANK YOU!!!!!