Yet Another BSOD

repstosw · 08 Feb 2011

Hi!

I have a week-old laptop computer (Dell XPS15).
Since yesterday I have been getting BSODs every 1-15 minutes, which is frustrating, to say the

least.

On entering Windows after a reboot I get information like this:

=========================================

Problem signature:
Problem Event Name: BlueScreen
OS Version: 6.1.7600.2.0.0.256.48
Locale ID: 1053

Additional information about the problem:
BCCode: 50
BCP1: FFFFF6A3FF7F82C0
BCP2: 0000000000000000
BCP3: FFFFF800030D42E2
BCP4: 0000000000000005
OS Version: 6_1_7600
Service Pack: 0_0
Product: 256_1

Files that help describe the problem:
C:\Windows\Minidump\020811-18049-01.dmp
C:\Users\magnus\AppData\Local\Temp\WER-38313-0.sysdata.xml

=========================================

..although it is sometimes BCCode 1a.

I

have searched for solutions to my problems, and so far I have done the following, without

success:

*
Ran Malware-bytes quick scan and full scan
* Ran Norton Anti-virus, full scan
* Reinstalled chrome and synaptics mouse drivers (which I at first thought were the culprits)
* Reinstalled a bunch of drivers, including the latest drivers from nVidia
* Ran Windows update several times
* Used the memory checking tool on the Windows 7 disc to verify that my memory is not broken

I don't really know what to try next and would much appreciate any help!

I'm attaching the .dmp and .xml files from the latest crash, if it helps.

Thanks in advance!

Best Regards,
Magnus

wish · 08 Feb 2011

Hello,

Enable Driver Verifier and wait until your Windows crashes. → Driver Verifier - Enable and Disable
The purpose is to find out whether there are any offending drivers.

Then disable the DV and follow this instruction to collect all data:
Blue Screen of Death (BSOD) Posting Instructions

Code:

Windows 7 Kernel Version 7600 MP (8 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7600.16617.amd64fre.win7_gdr.100618-1621
Machine Name:
Kernel base = 0xfffff800`03050000 PsLoadedModuleList = 0xfffff800`0328de50
Debug session time: Tue Feb  8 02:13:58.645 2011 (GMT-8)
System Uptime: 0 days 0:55:26.800
Loading Kernel Symbols
...............................................................
................................................................
........................................
Loading User Symbols
Loading unloaded module list
..............
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 50, {fffff6a3ff7f82c0, 0, fffff800030d42e2, 5}


Could not read faulting driver name
Probably caused by : memory_corruption ( nt!MiAgeWorkingSet+1c2 )

Followup: MachineOwner
---------

4: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

PAGE_FAULT_IN_NONPAGED_AREA (50)
Invalid system memory was referenced.  This cannot be protected by try-except,
it must be protected by a Probe.  Typically the address is just plain bad or it
is pointing at freed memory.
Arguments:
Arg1: fffff6a3ff7f82c0, memory referenced.
Arg2: 0000000000000000, value 0 = read operation, 1 = write operation.
Arg3: fffff800030d42e2, If non-zero, the instruction address which referenced the bad memory
    address.
Arg4: 0000000000000005, (reserved)

Debugging Details:
------------------


Could not read faulting driver name

READ_ADDRESS: GetPointerFromAddress: unable to read from fffff800032f80e0
 fffff6a3ff7f82c0 

FAULTING_IP: 
nt!MiAgeWorkingSet+1c2
fffff800`030d42e2 488b19          mov     rbx,qword ptr [rcx]

MM_INTERNAL_CODE:  5

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

BUGCHECK_STR:  0x50

PROCESS_NAME:  iFrmewrk.exe

CURRENT_IRQL:  0

TRAP_FRAME:  fffff880033e77a0 -- (.trap 0xfffff880033e77a0)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000007ffffffff8 rbx=0000000000000000 rcx=fffff6a3ff7f82c0
rdx=0000000000000001 rsi=0000000000000000 rdi=0000000000000000
rip=fffff800030d42e2 rsp=fffff880033e7930 rbp=00000023ff7f82c6
 r8=0000000000000001  r9=fffffa8006fb83f8 r10=0000000000000005
r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0         nv up ei ng nz na po cy
nt!MiAgeWorkingSet+0x1c2:
fffff800`030d42e2 488b19          mov     rbx,qword ptr [rcx] ds:fffff6a3`ff7f82c0=????????????????
Resetting default scope

LAST_CONTROL_TRANSFER:  from fffff8000313f8c1 to fffff800030c0740

STACK_TEXT:  
fffff880`033e7638 fffff800`0313f8c1 : 00000000`00000050 fffff6a3`ff7f82c0 00000000`00000000 fffff880`033e77a0 : nt!KeBugCheckEx
fffff880`033e7640 fffff800`030be82e : 00000000`00000000 00000980`00000000 00000000`00000000 00000000`000000ef : nt! ?? ::FNODOBFM::`string'+0x40e8b
fffff880`033e77a0 fffff800`030d42e2 : 00000003`00000000 a0700000`ace84825 00000000`00000000 00000000`00000207 : nt!KiPageFault+0x16e
fffff880`033e7930 fffff800`03142a5e : fffffa80`06fb83f8 fffff880`00000001 00000000`00000001 fffff880`033e7bb0 : nt!MiAgeWorkingSet+0x1c2
fffff880`033e7ae0 fffff800`030d4ee2 : 00000000`00000b17 00000000`00000000 fffffa80`00000000 00000000`00000002 : nt! ?? ::FNODOBFM::`string'+0x496d6
fffff880`033e7b80 fffff800`030d5173 : 00000000`00000008 fffff880`033e7c10 00000000`00000001 fffffa80`00000000 : nt!MmWorkingSetManager+0x6e
fffff880`033e7bd0 fffff800`03364c06 : fffffa80`06dba040 00000000`00000080 fffffa80`06d8b740 00000000`00000001 : nt!KeBalanceSetManager+0x1c3
fffff880`033e7d40 fffff800`0309ec26 : fffff880`009ce180 fffffa80`06dba040 fffff880`009d90c0 01cafb5b`b7ef7600 : nt!PspSystemThreadStartup+0x5a
fffff880`033e7d80 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KxStartSystemThread+0x16


STACK_COMMAND:  kb

FOLLOWUP_IP: 
nt!MiAgeWorkingSet+1c2
fffff800`030d42e2 488b19          mov     rbx,qword ptr [rcx]

SYMBOL_STACK_INDEX:  3

SYMBOL_NAME:  nt!MiAgeWorkingSet+1c2

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: nt

DEBUG_FLR_IMAGE_TIMESTAMP:  4c1c44a9

IMAGE_NAME:  memory_corruption

FAILURE_BUCKET_ID:  X64_0x50_nt!MiAgeWorkingSet+1c2

BUCKET_ID:  X64_0x50_nt!MiAgeWorkingSet+1c2

Followup: MachineOwner
---------

repstosw · 08 Feb 2011

Thanks for the swift reply!

I ran the tool and am attaching the results.
For some reason perfmon /report just gives me an error message, but I'll try again and post if it works.

repstosw · 08 Feb 2011

Now the perfmon ran properly. Attaching report.

wish · 09 Feb 2011

Hi,
For troubleshooting purpose, uninstall Norman Security and replace it with MSE.
http://www.microsoft.com/security_essentials/

Also uninstall accelerometer.

Then we'll see if the problem persist, then test your RAM:
RAM - Test with Memtest86+

Code:

Windows 7 Kernel Version 7600 MP (8 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7600.16617.amd64fre.win7_gdr.100618-1621
Machine Name:
Kernel base = 0xfffff800`03065000 PsLoadedModuleList = 0xfffff800`032a2e50
Debug session time: Tue Feb  8 06:09:35.806 2011 (GMT-8)
System Uptime: 0 days 0:30:47.977
Loading Kernel Symbols
.

Press ctrl-c (cdb, kd, ntsd) or ctrl-break (windbg) to abort symbol loads that take too long.
Run !sym noisy before .reload to track down problems loading symbols.

..............................................................
................................................................
.....................................
Loading User Symbols
Loading unloaded module list
.....
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 1A, {41790, fffffa80033af7d0, ffff, 0}

Probably caused by : ntkrnlmp.exe ( nt! ?? ::FNODOBFM::`string'+33906 )

Followup: MachineOwner
---------

4: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

MEMORY_MANAGEMENT (1a)
    # Any other values for parameter 1 must be individually examined.
Arguments:
Arg1: 0000000000041790, The subtype of the bugcheck.
Arg2: fffffa80033af7d0
Arg3: 000000000000ffff
Arg4: 0000000000000000

Debugging Details:
------------------


BUGCHECK_STR:  0x1a_41790

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  VERIFIER_ENABLED_VISTA_MINIDUMP

PROCESS_NAME:  consent.exe

CURRENT_IRQL:  0

LAST_CONTROL_TRANSFER:  from fffff80003148f9e to fffff800030d5740

STACK_TEXT:  
fffff880`0ab098c8 fffff800`03148f9e : 00000000`0000001a 00000000`00041790 fffffa80`033af7d0 00000000`0000ffff : nt!KeBugCheckEx
fffff880`0ab098d0 fffff800`030a8c23 : ffffffff`00000000 00000000`0291ffff fffffa80`00000000 fffffa80`08cc19f0 : nt! ?? ::FNODOBFM::`string'+0x33906
fffff880`0ab09a90 fffff800`033badcf : fffff8a0`0bf4b060 00000000`00000001 00000000`00000000 fffffa80`08cc19f0 : nt!MmCleanProcessAddressSpace+0x62f
fffff880`0ab09ae0 fffff800`0339285b : 00000000`00000000 00000000`00000001 000007ff`fffde000 00000000`00000000 : nt!PspExitThread+0x92f
fffff880`0ab09ba0 fffff800`030d4993 : fffffa80`085165f0 fffff880`00000000 00000000`00284500 fffffa80`08cc19f0 : nt!NtTerminateProcess+0x25b
fffff880`0ab09c20 00000000`771f001a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`000efa68 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x771f001a


STACK_COMMAND:  kb

FOLLOWUP_IP: 
nt! ?? ::FNODOBFM::`string'+33906
fffff800`03148f9e cc              int     3

SYMBOL_STACK_INDEX:  1

SYMBOL_NAME:  nt! ?? ::FNODOBFM::`string'+33906

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: nt

IMAGE_NAME:  ntkrnlmp.exe

DEBUG_FLR_IMAGE_TIMESTAMP:  4c1c44a9

FAILURE_BUCKET_ID:  X64_0x1a_41790_VRF_nt!_??_::FNODOBFM::_string_+33906

BUCKET_ID:  X64_0x1a_41790_VRF_nt!_??_::FNODOBFM::_string_+33906

Followup: MachineOwner
---------