BSOD
Hello, I am getting a BSOD when I load a lot of applications. Here is the .dmp https://skydrive.live.com/?cid=5fccfcc000d40513&id=5FCCFCC000D40513%21111# I ran an !analyze -v on it and here is what I got.

BugCheck 24, {1904fb, fffff8800448f0e8, fffff8800448e940, fffff80003ab23d1}
Probably caused by : Ntfs.sys ( Ntfs!NtfsFlushUserStream+b4 )
Followup: MachineOwner
---------
4: kd> !analyze -v
NTFS_FILE_SYSTEM (24)
    If you see NtfsExceptionFilter on the stack then the 2nd and 3rd
    parameters are the exception record and context record. Do a .cxr
    on the 3rd parameter and then kb to obtain a more informative stack
    trace.
Arguments:
Arg1: 00000000001904fb
Arg2: fffff8800448f0e8
Arg3: fffff8800448e940
Arg4: fffff80003ab23d1

Debugging Details:
------------------
EXCEPTION_RECORD: fffff8800448f0e8 -- (.exr 0xfffff8800448f0e8)
ExceptionAddress: fffff80003ab23d1 (nt!CcUnmapVacbArray+0x0000000000000161)
   ExceptionCode: c0000005 (Access violation)
  ExceptionFlags: 00000000
NumberParameters: 2
   Parameter[0]: 0000000000000000
   Parameter[1]: 0000000400000010
Attempt to read from address 0000000400000010

CONTEXT: fffff8800448e940 -- (.cxr 0xfffff8800448e940)
rax=fffffa800da4a700 rbx=00000000014c0000 rcx=0000000000000053
rdx=fffff80003c907f0 rsi=0000000001500000 rdi=0000000001500000
rip=fffff80003ab23d1 rsp=fffff8800448f320 rbp=0000000400000000
 r8=0000000018026040  r9=0000000000000000 r10=0000000018010400
r11=fffff8a001311860 r12=00000000014c0000 r13=fffffa800da5be00
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl nz na po nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010206
nt!CcUnmapVacbArray+0x161:
fffff800`03ab23d1 66837d1000 cmp word ptr [rbp+10h],0 ss:0018:00000004`00000010=????
Resetting default scope

CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
PROCESS_NAME: MsMpEng.exe
CURRENT_IRQL: 0
ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
EXCEPTION_PARAMETER1: 0000000000000000
EXCEPTION_PARAMETER2: 0000000400000010
READ_ADDRESS: GetPointerFromAddress: unable to read from fffff80003cc1100
 0000000400000010
FOLLOWUP_IP:
Ntfs!NtfsFlushUserStream+b4
fffff880`014916d4 389c24a0000000 cmp byte ptr [rsp+0A0h],bl
FAULTING_IP:
nt!CcUnmapVacbArray+161
fffff800`03ab23d1 66837d1000 cmp word ptr [rbp+10h],0
BUGCHECK_STR: 0x24
LAST_CONTROL_TRANSFER: from fffff80003ad0969 to fffff80003ab23d1
STACK_TEXT:
fffff880`0448f320 fffff800`03ad0969 : fffff8a0`01319101 00000000`00000000 fffff880`0448f4e8 00000000`00000000 : nt!CcUnmapVacbArray+0x161
fffff880`0448f3b0 fffff880`014916d4 : fffffa80`0da4f168 00000000`00000000 fffff8a0`00000000 00000000`00000001 : nt!CcFlushCache+0x8e9
fffff880`0448f4b0 fffff880`014874e3 : 00000000`00000000 fffff8a0`0131a2c0 00000000`00000000 00000000`00000001 : Ntfs!NtfsFlushUserStream+0xb4
fffff880`0448f530 fffff880`01429d7f : fffffa80`0eae5cf0 fffffa80`0c2c5180 00000000`00000001 fffff880`01222200 : Ntfs!NtfsFlushVolume+0x2c7
fffff880`0448f660 fffff880`01418684 : fffffa80`0eae5cf0 fffff880`0120fd01 fffffa80`0b389850 fffff880`0448f700 : Ntfs!NtfsVolumeDasdIo+0x1d3
fffff880`0448f710 fffff880`01418a68 : fffffa80`0eae5cf0 fffffa80`0e67dbd0 fffff880`0448f801 fffffa80`0ec68000 : Ntfs!NtfsCommonRead+0x1e58
fffff880`0448f8b0 fffff880`01202bcf : fffffa80`0e67dfb8 fffffa80`0e67dbd0 fffffa80`0ec68010 00000000`00000000 : Ntfs!NtfsFsdRead+0x1b8
fffff880`0448f960 fffff880`012016df : fffffa80`0b3888f0 00000000`00000001 fffffa80`0b388800 fffffa80`0e67dbd0 : fltmgr!FltpLegacyProcessingAfterPreCallbacksCompleted+0x24f
fffff880`0448f9f0 fffff800`03d9721b : 00000000`00000000 fffffa80`0a781dc0 00000000`00000001 fffffa80`0e67dbd0 : fltmgr!FltpDispatch+0xcf
fffff880`0448fa50 fffff800`03d78b63 : fffffa80`0a781dc0 fffffa80`0a781dc0 fffffa80`0a781dc0 fffff880`009b2180 : nt!IopSynchronousServiceTail+0xfb
fffff880`0448fac0 fffff800`03a8ded3 : 00000000`0000053c 00000000`00000000 00000000`00000000 00000000`00000000 : nt!NtReadFile+0x631
fffff880`0448fbb0 00000000`76d7137a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`00add498 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x76d7137a
SYMBOL_STACK_INDEX: 2
SYMBOL_NAME: Ntfs!NtfsFlushUserStream+b4
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: Ntfs
IMAGE_NAME: Ntfs.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 4d79997b
STACK_COMMAND: .cxr 0xfffff8800448e940 ; kb
FAILURE_BUCKET_ID: X64_0x24_Ntfs!NtfsFlushUserStream+b4
BUCKET_ID: X64_0x24_Ntfs!NtfsFlushUserStream+b4
Followup: MachineOwner

Looks to me like MsMpEng.exe caused the fault, but I am not sure. Any help or guidance would be appreciated. I am going to run a ScnDsk and sfc /scannow right now and see what happens, but I doubt it will help.

Roman
October 24th, 2011 1:10pm

*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************
NTFS_FILE_SYSTEM (24)
    If you see NtfsExceptionFilter on the stack then the 2nd and 3rd
    parameters are the exception record and context record. Do a .cxr
    on the 3rd parameter and then kb to obtain a more informative stack
    trace.
Arguments:
Arg1: 00000000001904fb
Arg2: fffff8800448f0e8
Arg3: fffff8800448e940
Arg4: fffff80003ab23d1

Debugging Details:
------------------
EXCEPTION_RECORD: fffff8800448f0e8 -- (.exr 0xfffff8800448f0e8)
ExceptionAddress: fffff80003ab23d1 (nt!CcUnmapVacbArray+0x0000000000000161)
   ExceptionCode: c0000005 (Access violation)
  ExceptionFlags: 00000000
NumberParameters: 2
   Parameter[0]: 0000000000000000
   Parameter[1]: 0000000400000010
Attempt to read from address 0000000400000010

CONTEXT: fffff8800448e940 -- (.cxr 0xfffff8800448e940)
rax=fffffa800da4a700 rbx=00000000014c0000 rcx=0000000000000053
rdx=fffff80003c907f0 rsi=0000000001500000 rdi=0000000001500000
rip=fffff80003ab23d1 rsp=fffff8800448f320 rbp=0000000400000000
 r8=0000000018026040  r9=0000000000000000 r10=0000000018010400
r11=fffff8a001311860 r12=00000000014c0000 r13=fffffa800da5be00
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl nz na po nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010206
nt!CcUnmapVacbArray+0x161:
fffff800`03ab23d1 66837d1000 cmp word ptr [rbp+10h],0 ss:0018:00000004`00000010=????
Resetting default scope

CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
PROCESS_NAME: MsMpEng.exe
CURRENT_IRQL: 0
ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
EXCEPTION_PARAMETER1: 0000000000000000
EXCEPTION_PARAMETER2: 0000000400000010
READ_ADDRESS: GetPointerFromAddress: unable to read from fffff80003cc1100
 0000000400000010
FOLLOWUP_IP:
Ntfs!NtfsFlushUserStream+b4
fffff880`014916d4 389c24a0000000 cmp byte ptr [rsp+0A0h],bl
FAULTING_IP:
nt!CcUnmapVacbArray+161
fffff800`03ab23d1 66837d1000 cmp word ptr [rbp+10h],0
BUGCHECK_STR: 0x24
LAST_CONTROL_TRANSFER: from fffff80003ad0969 to fffff80003ab23d1
STACK_TEXT:
fffff880`0448f320 fffff800`03ad0969 : fffff8a0`01319101 00000000`00000000 fffff880`0448f4e8 00000000`00000000 : nt!CcUnmapVacbArray+0x161
fffff880`0448f3b0 fffff880`014916d4 : fffffa80`0da4f168 00000000`00000000 fffff8a0`00000000 00000000`00000001 : nt!CcFlushCache+0x8e9
fffff880`0448f4b0 fffff880`014874e3 : 00000000`00000000 fffff8a0`0131a2c0 00000000`00000000 00000000`00000001 : Ntfs!NtfsFlushUserStream+0xb4
fffff880`0448f530 fffff880`01429d7f : fffffa80`0eae5cf0 fffffa80`0c2c5180 00000000`00000001 fffff880`01222200 : Ntfs!NtfsFlushVolume+0x2c7
fffff880`0448f660 fffff880`01418684 : fffffa80`0eae5cf0 fffff880`0120fd01 fffffa80`0b389850 fffff880`0448f700 : Ntfs!NtfsVolumeDasdIo+0x1d3
fffff880`0448f710 fffff880`01418a68 : fffffa80`0eae5cf0 fffffa80`0e67dbd0 fffff880`0448f801 fffffa80`0ec68000 : Ntfs!NtfsCommonRead+0x1e58
fffff880`0448f8b0 fffff880`01202bcf : fffffa80`0e67dfb8 fffffa80`0e67dbd0 fffffa80`0ec68010 00000000`00000000 : Ntfs!NtfsFsdRead+0x1b8
fffff880`0448f960 fffff880`012016df : fffffa80`0b3888f0 00000000`00000001 fffffa80`0b388800 fffffa80`0e67dbd0 : fltmgr!FltpLegacyProcessingAfterPreCallbacksCompleted+0x24f
fffff880`0448f9f0 fffff800`03d9721b : 00000000`00000000 fffffa80`0a781dc0 00000000`00000001 fffffa80`0e67dbd0 : fltmgr!FltpDispatch+0xcf
fffff880`0448fa50 fffff800`03d78b63 : fffffa80`0a781dc0 fffffa80`0a781dc0 fffffa80`0a781dc0 fffff880`009b2180 : nt!IopSynchronousServiceTail+0xfb
fffff880`0448fac0 fffff800`03a8ded3 : 00000000`0000053c 00000000`00000000 00000000`00000000 00000000`00000000 : nt!NtReadFile+0x631
fffff880`0448fbb0 00000000`76d7137a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`00add498 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x76d7137a
SYMBOL_STACK_INDEX: 2
SYMBOL_NAME: Ntfs!NtfsFlushUserStream+b4
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: Ntfs
IMAGE_NAME: Ntfs.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 4d79997b
STACK_COMMAND: .cxr 0xfffff8800448e940 ; kb
FAILURE_BUCKET_ID: X64_0x24_Ntfs!NtfsFlushUserStream+b4
BUCKET_ID: X64_0x24_Ntfs!NtfsFlushUserStream+b4
Followup: MachineOwner
---------
4: kd> lmvm Ntfs
start             end                 module name
fffff880`0140c000 fffff880`015af000   Ntfs (pdb symbols) c:\symbols\ntfs.pdb\D51347AE03CB4523A2844EA865BA0BE92\ntfs.pdb
    Loaded symbol image file: Ntfs.sys
    Mapped memory image file: c:\symbols\Ntfs.sys\4D79997B1a3000\Ntfs.sys
    Image path: \SystemRoot\System32\Drivers\Ntfs.sys
    Image name: Ntfs.sys
    Timestamp: Fri Mar 11 04:39:39 2011 (4D79997B)
    CheckSum: 0019968A
    ImageSize: 001A3000
    File version: 6.1.7601.17577
    Product version: 6.1.7601.17577
    File flags: 0 (Mask 3F)
    File OS: 40004 NT Win32
    File type: 3.7 Driver
    File date: 00000000.00000000
    Translations: 0409.04b0
    CompanyName: Microsoft Corporation
    ProductName: Microsoft® Windows® Operating System
    InternalName: ntfs.sys
    OriginalFilename: ntfs.sys
    ProductVersion: 6.1.7601.17577
    FileVersion: 6.1.7601.17577 (win7sp1_gdr.110310-1504)
    FileDescription: NT File System Driver
    LegalCopyright: © Microsoft Corporation. All rights reserved.
------------------------------------------------------------

Bug Check Code 0x24: http://msdn.microsoft.com/en-us/library/ff557433(VS.85).aspx

Please start by running chkdsk /r /f. Please also check your disk cables.

The BSOD occurred when MsMpEng.exe was running. It is used by Windows Defender: http://www.processlibrary.com/directory/files/msmpeng/27074/

Disable Windows Defender and check again.

It is also possible that you have hardware problems with your disk.

This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.

Microsoft Student Partner 2010 / 2011
Microsoft Certified Professional
Microsoft Certified Systems Administrator: Security
Microsoft Certified Systems Engineer: Security
Microsoft Certified Technology Specialist: Windows Server 2008 Active Directory, Configuration
Microsoft Certified Technology Specialist: Windows Server 2008 Network Infrastructure, Configuration
Microsoft Certified Technology Specialist: Windows Server 2008 Applications Infrastructure, Configuration
Microsoft Certified Technology Specialist: Windows 7, Configuring
Microsoft Certified IT Professional: Enterprise Administrator
Microsoft Certified IT Professional: Server Administrator
Microsoft Certified Trainer
October 24th, 2011 6:17pm
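
PROCESS_NAME in !analyze output names the process whose thread was running when the bug check happened, while the frames in STACK_TEXT show which kernel modules were actually executing. As an added example (not part of the original posts), this Python script pulls those fields from the output posted above, lists the modules on the stack, classifies the faulting read address, and builds the .exr/.cxr follow-up commands that the NTFS_FILE_SYSTEM text describes. The INBOX module set and all function names are assumptions of this example.

```python
import re

# Constructed sample: fields and five stack frames copied from the !analyze -v output in this thread.
SAMPLE = """BugCheck 24, {1904fb, fffff8800448f0e8, fffff8800448e940, fffff80003ab23d1}
PROCESS_NAME: MsMpEng.exe
EXCEPTION_PARAMETER2: 0000000400000010
fffff880`0448f320 fffff800`03ad0969 : fffff8a0`01319101 00000000`00000000 fffff880`0448f4e8 00000000`00000000 : nt!CcUnmapVacbArray+0x161
fffff880`0448f3b0 fffff880`014916d4 : fffffa80`0da4f168 00000000`00000000 fffff8a0`00000000 00000000`00000001 : nt!CcFlushCache+0x8e9
fffff880`0448f4b0 fffff880`014874e3 : 00000000`00000000 fffff8a0`0131a2c0 00000000`00000000 00000000`00000001 : Ntfs!NtfsFlushUserStream+0xb4
fffff880`0448f9f0 fffff800`03d9721b : 00000000`00000000 fffffa80`0a781dc0 00000000`00000001 fffffa80`0e67dbd0 : fltmgr!FltpDispatch+0xcf
fffff880`0448fac0 fffff800`03a8ded3 : 00000000`0000053c 00000000`00000000 00000000`00000000 00000000`00000000 : nt!NtReadFile+0x631
"""

ADDR = r"[0-9a-f]{8}`[0-9a-f]{8}"
# Child-SP, RetAddr, four argument words, then the call site (module!symbol+offset).
FRAME = re.compile(rf"{ADDR}\s+{ADDR}\s+:\s+(?:{ADDR}\s+){{4}}:\s+(\w+)!(\w+)\+0x[0-9a-f]+")
# Assumption for this example: modules treated as inbox Windows components.
INBOX = {"nt", "Ntfs", "fltmgr"}

def classify(addr):
    """Place an x64 virtual address in the user half, kernel half, or neither."""
    if addr <= 0x00007FFFFFFFFFFF:
        return "user-range"
    return "kernel-range" if addr >= 0xFFFF800000000000 else "non-canonical"

def triage(text):
    """Works on line-broken or flattened output: every pattern tolerates any whitespace."""
    code, args = re.search(r"BugCheck\s+([0-9A-Fa-f]+),\s*\{([^}]*)\}", text).groups()
    args = [int(a, 16) for a in args.split(",")]
    frames = FRAME.findall(text)
    modules = list(dict.fromkeys(m for m, _ in frames))  # ordered, de-duplicated
    read = re.search(r"EXCEPTION_PARAMETER2:\s+([0-9a-f]+)", text)
    proc = re.search(r"PROCESS_NAME:\s+(\S+)", text)
    report = {
        "bugcheck": int(code, 16),
        "process_context": proc.group(1) if proc else None,
        "faulting_frame": "!".join(frames[0]) if frames else None,
        "modules_on_stack": modules,
        "third_party_on_stack": [m for m in modules if m not in INBOX],
        "read_address": classify(int(read.group(1), 16)) if read else None,
        "next_commands": [],
    }
    if report["bugcheck"] == 0x24:  # Arg2 = exception record, Arg3 = context record
        report["next_commands"] = [f".exr 0x{args[1]:x}", f".cxr 0x{args[2]:x} ; kb"]
    return report

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```

On this dump every frame belongs to nt, Ntfs or fltmgr, and the faulting read targets a user-range address from kernel code.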

Hi,

Was your issue solved by the suggestion of Mr X? Please feel free to give me any update.

Thanks.

Regards,
Leo Huang
TechNet Subscriber Support in forum. If you have any feedback on our support, please contact tngfb@microsoft.com

Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
October 26th, 2011 5:37am

Hi,

As this thread has been quiet for a while, we assume that the issue has been resolved. At this time, we will mark it as ‘Answered’ as the previous steps should be helpful for many similar scenarios. If the issue still persists, please feel free to reply to this post directly so we will be notified to follow it up. You can also choose to unmark the answer as you wish.

BTW, we’d love to hear your feedback about the solution. By sharing your experience you can help other community members facing similar problems.

Thanks for your understanding and efforts.

Regards,
Leo Huang
TechNet Subscriber Support in forum. If you have any feedback on our support, please contact tngfb@microsoft.com
October 28th, 2011 5:28am

This topic is archived. No further replies will be accepted.
