Antivirus Software:
Code:
msmpeng.exe c:\program files\microsoft security client\antimalware\msmpeng.exe 836 8 200 1380 3/13/2012 7:55 PM 3.0.8402.0 12.48 KB (12,784 bytes) 4/27/2011 5:21 PM
nissrv.exe c:\program files\microsoft security client\antimalware\nissrv.exe 2372 8 200 1380 3/13/2012 7:55 PM 3.0.8402.0 281.52 KB (288,272 bytes) 4/27/2011 5:21 PM
msseces.exe c:\program files\microsoft security client\msseces.exe 2236 8 200 1380 3/13/2012 7:55 PM 2.1.1116.0 1.37 MB (1,436,736 bytes) 6/15/2011 2:35 PM
Possible out of date drivers:
Code:
ASACPI fffff880`040a8000 fffff880`040b0000 Sun Mar 27 20:30:36 2005 (42476c4c) 00003c77 ASACPI.sys
L1C62x64 fffff880`04024000 fffff880`04036000 Tue Mar 31 23:09:17 2009 (49d2f6fd) 0001660a L1C62x64.sys
AtiPcie fffff880`015f0000 fffff880`015f8000 Tue May 05 09:00:22 2009 (4a005486) 000134c7 AtiPcie.sys
Older versions of ASACPI.SYS are a known BSOD problem on Windows 7. Update the driver by:
- Going to the Asus motherboard support site
When you reach the website: - Scroll down the page and click Utilities
- Hold Ctrl and press f (ctrl+f) to enter the browser's find feature
- Search for "ATK0110 driver for WindowsXP/Vista/Win7 32&64-bit" (without quotes)
- Download and install the driver.
- After installation is complete, verify that it installed correctly.
- Click Start Menu
- Click My Computer
- Go to C:\WIndows\System32\drivers\
- Verify that the ASACPI.SYS file is dated 2009 or newer (2010,etc.)
Thanks to JMH and zigzag3143 for the above information.
I would also highly recommend updating the AR8131 driver:
L1C62x64.sys Update AR8131 through the AR8131 row and Windows 7 64-bit column.
AtiPcie.sys
Code:
-
Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [D:\Kingston\BSODDmpFiles\Rosey\Windows_NT6_BSOD_jcgriff2\031312-13291-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*C:\SymCache*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7600 MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 7600.16841.amd64fre.win7_gdr.110622-1503
Machine Name:
Kernel base = 0xfffff800`02a16000 PsLoadedModuleList = 0xfffff800`02c53e70
Debug session time: Tue Mar 13 17:51:55.908 2012 (UTC - 6:00)
System Uptime: 0 days 0:02:18.656
Loading Kernel Symbols
...............................................................
................................................................
................
Loading User Symbols
Loading unloaded module list
....
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck A, {8, 2, 1, fffff80002a92282}
Probably caused by : ntkrnlmp.exe ( nt!KiTimerExpiration+f2 )
Followup: MachineOwner
---------
1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: 0000000000000008, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000001, bitfield :
bit 0 : value 0 = read operation, 1 = write operation
bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: fffff80002a92282, address which referenced memory
Debugging Details:
------------------
WRITE_ADDRESS: GetPointerFromAddress: unable to read from fffff80002cbe0e0
0000000000000008
CURRENT_IRQL: 2
FAULTING_IP:
nt!KiTimerExpiration+f2
fffff800`02a92282 48894808 mov qword ptr [rax+8],rcx
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0xA
PROCESS_NAME: System
TRAP_FRAME: fffff88002d1baa0 -- (.trap 0xfffff88002d1baa0)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000000 rbx=0000000000000000 rcx=fffffa8005fb4950
rdx=00000000000000b8 rsi=0000000000000000 rdi=0000000000000000
rip=fffff80002a92282 rsp=fffff88002d1bc30 rbp=00000000000022b8
r8=fffffa8005d7f420 r9=00000000000000c0 r10=00000000000000b8
r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei ng nz ac po cy
nt!KiTimerExpiration+0xf2:
fffff800`02a92282 48894808 mov qword ptr [rax+8],rcx ds:c9e0:00000000`00000008=????????????????
Resetting default scope
LAST_CONTROL_TRANSFER: from fffff80002a85b29 to fffff80002a865c0
STACK_TEXT:
fffff880`02d1b958 fffff800`02a85b29 : 00000000`0000000a 00000000`00000008 00000000`00000002 00000000`00000001 : nt!KeBugCheckEx
fffff880`02d1b960 fffff800`02a847a0 : fffffa80`05204900 00000000`52a545f2 00000000`000022b8 00000000`00000000 : nt!KiBugCheckDispatch+0x69
fffff880`02d1baa0 fffff800`02a92282 : 00000000`52a51ee2 fffff880`02d1bc58 00000000`000022b8 fffff880`009ecc88 : nt!KiPageFault+0x260
fffff880`02d1bc30 fffff800`02a91b57 : 00000000`193536c0 00000000`000022b8 00000000`19353697 00000000`000000b8 : nt!KiTimerExpiration+0xf2
fffff880`02d1bcd0 fffff800`02a8ed8a : fffff880`009e9180 fffff880`009f3fc0 00000000`00000000 fffff880`040bb588 : nt!KiRetireDpcList+0x277
fffff880`02d1bd80 00000000`00000000 : fffff880`02d1c000 fffff880`02d16000 fffff880`02d1bd40 00000000`00000000 : nt!KiIdleLoop+0x5a
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!KiTimerExpiration+f2
fffff800`02a92282 48894808 mov qword ptr [rax+8],rcx
SYMBOL_STACK_INDEX: 3
SYMBOL_NAME: nt!KiTimerExpiration+f2
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 4e02aa44
FAILURE_BUCKET_ID: X64_0xA_nt!KiTimerExpiration+f2
BUCKET_ID: X64_0xA_nt!KiTimerExpiration+f2
Followup: MachineOwner
---------
-
Loading Dump File [D:\Kingston\BSODDmpFiles\Rosey\Windows_NT6_BSOD_jcgriff2\031312-18673-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*C:\SymCache*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7600 MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 7600.16841.amd64fre.win7_gdr.110622-1503
Machine Name:
Kernel base = 0xfffff800`02a01000 PsLoadedModuleList = 0xfffff800`02c3ee70
Debug session time: Tue Mar 13 17:48:40.886 2012 (UTC - 6:00)
System Uptime: 0 days 0:02:35.634
Loading Kernel Symbols
...............................................................
................................................................
.................
Loading User Symbols
Loading unloaded module list
....
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 1000007E, {ffffffffc0000005, fffff880051b3018, fffff880057d8668, fffff880057d7ed0}
Probably caused by : dxgmms1.sys ( dxgmms1!VIDMM_GLOBAL::EvictAllocation+8c )
Followup: MachineOwner
---------
2: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M (1000007e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003. This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG. This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG. This will let us see why this breakpoint is
happening.
Arguments:
Arg1: ffffffffc0000005, The exception code that was not handled
Arg2: fffff880051b3018, The address that the exception occurred at
Arg3: fffff880057d8668, Exception Record Address
Arg4: fffff880057d7ed0, Context Record Address
Debugging Details:
------------------
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
FAULTING_IP:
dxgmms1!VIDMM_GLOBAL::EvictAllocation+8c
fffff880`051b3018 ff5018 call qword ptr [rax+18h]
EXCEPTION_RECORD: fffff880057d8668 -- (.exr 0xfffff880057d8668)
ExceptionAddress: fffff880051b3018 (dxgmms1!VIDMM_GLOBAL::EvictAllocation+0x000000000000008c)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 0000000000000000
Parameter[1]: ffffffffffffffff
Attempt to read from address ffffffffffffffff
CONTEXT: fffff880057d7ed0 -- (.cxr 0xfffff880057d7ed0)
rax=48706657020c0008 rbx=fffff8a006d985e8 rcx=fffffa80055fa1c0
rdx=fffff8a006e7b4b0 rsi=fffff8a006d985e8 rdi=fffff8a006e7b5b8
rip=fffff880051b3018 rsp=fffff880057d88a0 rbp=fffff8a006e7b5b8
r8=0000000000000000 r9=fffff880057d8880 r10=fffff8a007b657c0
r11=fffff88003e1ea08 r12=fffff8a006e7b4b0 r13=fffffa80057f1000
r14=0000000000000000 r15=0000000000000001
iopl=0 nv up ei pl zr na po nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010246
dxgmms1!VIDMM_GLOBAL::EvictAllocation+0x8c:
fffff880`051b3018 ff5018 call qword ptr [rax+18h] ds:002b:48706657`020c0020=????????????????
Resetting default scope
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
PROCESS_NAME: System
CURRENT_IRQL: 0
ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
EXCEPTION_PARAMETER1: 0000000000000000
EXCEPTION_PARAMETER2: ffffffffffffffff
READ_ADDRESS: GetPointerFromAddress: unable to read from fffff80002ca90e0
ffffffffffffffff
FOLLOWUP_IP:
dxgmms1!VIDMM_GLOBAL::EvictAllocation+8c
fffff880`051b3018 ff5018 call qword ptr [rax+18h]
BUGCHECK_STR: 0x7E
LAST_CONTROL_TRANSFER: from fffff880051afee4 to fffff880051b3018
STACK_TEXT:
fffff880`057d88a0 fffff880`051afee4 : fffff8a0`06e7b4b0 fffffa80`066f7230 fffffa80`057f1000 fffffa80`057605b0 : dxgmms1!VIDMM_GLOBAL::EvictAllocation+0x8c
fffff880`057d88e0 fffff880`051aced3 : 00000000`00000000 fffffa80`03b690b8 00000000`00000016 00000000`00000000 : dxgmms1!VIDMM_GLOBAL::ReferenceAllocationForPreparation+0x218
fffff880`057d8910 fffff880`051c765d : 00000000`00000000 fffff8a0`07743eb0 fffffa80`00000000 fffffa80`06298010 : dxgmms1!VIDMM_GLOBAL::PrepareDmaBuffer+0x43f
fffff880`057d8ae0 fffff880`051c7398 : fffff800`00b96080 fffff880`051c6d00 fffffa80`00000000 fffffa80`00000000 : dxgmms1!VidSchiSubmitRenderCommand+0x241
fffff880`057d8cd0 fffff880`051c6e96 : 00000000`00000000 fffffa80`06098550 00000000`00000080 fffffa80`03a122e0 : dxgmms1!VidSchiSubmitQueueCommand+0x50
fffff880`057d8d00 fffff800`02d116fa : 00000000`02e1645f fffffa80`055fab60 fffffa80`0396c9e0 fffffa80`055fab60 : dxgmms1!VidSchiWorkerThread+0xd6
fffff880`057d8d40 fffff800`02a4fb46 : fffff800`02bebe80 fffffa80`055fab60 fffff800`02bf9c40 fffff880`0124b810 : nt!PspSystemThreadStartup+0x5a
fffff880`057d8d80 00000000`00000000 : fffff880`057d9000 fffff880`057d3000 fffff880`057d8690 00000000`00000000 : nt!KiStartSystemThread+0x16
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: dxgmms1!VIDMM_GLOBAL::EvictAllocation+8c
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: dxgmms1
IMAGE_NAME: dxgmms1.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 4d3fa174
STACK_COMMAND: .cxr 0xfffff880057d7ed0 ; kb
FAILURE_BUCKET_ID: X64_0x7E_dxgmms1!VIDMM_GLOBAL::EvictAllocation+8c
BUCKET_ID: X64_0x7E_dxgmms1!VIDMM_GLOBAL::EvictAllocation+8c
Followup: MachineOwner
---------
-
Loading Dump File [D:\Kingston\BSODDmpFiles\Rosey\Windows_NT6_BSOD_jcgriff2\031312-21216-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
DbsSplayTreeRangeMap::Add: ignoring zero-sized range at ?fffff800`03fa4500?
Symbol search path is: SRV*C:\SymCache*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7600 MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 7600.16841.amd64fre.win7_gdr.110622-1503
Machine Name:
Kernel base = 0xfffff800`02a0d000 PsLoadedModuleList = 0xfffff800`02c4ae70
Debug session time: Tue Mar 13 01:43:44.698 2012 (UTC - 6:00)
System Uptime: 0 days 4:11:44.446
Loading Kernel Symbols
...............................................................
................................................................
.................
Loading User Symbols
Loading unloaded module list
........
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 9F, {3, fffffa800590dab0, fffff80003fa4518, fffffa80061b64c0}
*** WARNING: Unable to verify timestamp for atikmpag.sys
*** ERROR: Module load completed but symbols could not be loaded for atikmpag.sys
Probably caused by : atikmpag.sys
Followup: MachineOwner
---------
0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
DRIVER_POWER_STATE_FAILURE (9f)
A driver is causing an inconsistent power state.
Arguments:
Arg1: 0000000000000003, A device object has been blocking an Irp for too long a time
Arg2: fffffa800590dab0, Physical Device Object of the stack
Arg3: fffff80003fa4518, Functional Device Object of the stack
Arg4: fffffa80061b64c0, The blocked IRP
Debugging Details:
------------------
DRVPOWERSTATE_SUBCODE: 3
DRIVER_OBJECT: fffffa80050abaf0
IMAGE_NAME: atikmpag.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 4dae3558
MODULE_NAME: atikmpag
FAULTING_MODULE: fffff88003d8e000 atikmpag
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0x9F
PROCESS_NAME: System
CURRENT_IRQL: 2
STACK_TEXT:
fffff800`03fa44c8 fffff800`02aec1d3 : 00000000`0000009f 00000000`00000003 fffffa80`0590dab0 fffff800`03fa4518 : nt!KeBugCheckEx
fffff800`03fa44d0 fffff800`02a8912e : fffff800`03fa4600 fffff800`03fa4600 00000000`00000001 00000000`00000000 : nt! ?? ::FNODOBFM::`string'+0x29270
fffff800`03fa4570 fffff800`02a88c76 : fffffa80`0593ac68 fffffa80`0593ac68 00000000`00000000 00000000`00000000 : nt!KiProcessTimerDpcTable+0x66
fffff800`03fa45e0 fffff800`02a8934e : 00000023`2af39df1 fffff800`03fa4c58 00000000`000ec623 fffff800`02bfa6e8 : nt!KiProcessExpiredTimerList+0xc6
fffff800`03fa4c30 fffff800`02a88b57 : 0000000a`b13c3fc5 0000000a`000ec623 0000000a`b13c3faa 00000000`00000023 : nt!KiTimerExpiration+0x1be
fffff800`03fa4cd0 fffff800`02a85d8a : fffff800`02bf7e80 fffff800`02c05c40 00000000`00000000 fffff880`03f88db0 : nt!KiRetireDpcList+0x277
fffff800`03fa4d80 00000000`00000000 : fffff800`03fa5000 fffff800`03f9f000 fffff800`03fa4d40 00000000`00000000 : nt!KiIdleLoop+0x5a
STACK_COMMAND: kb
FOLLOWUP_NAME: MachineOwner
FAILURE_BUCKET_ID: X64_0x9F_3_IMAGE_atikmpag.sys
BUCKET_ID: X64_0x9F_3_IMAGE_atikmpag.sys
Followup: MachineOwner
---------
- Possible causes are Memory problems... Corrupted hard disk file system... Corrupted System Files... BIOS... Lack of Windows updates... Antivirus Software... Backup... Hardware...
- DirectX/graphics card related. Other possible causes are Memory problems... BIOS... Corrupted hard disk file system... Corrupted System Files... Lack of Windows updates... Drivers...
- Your graphics card did not respond to the system or its driver did not respond to the system when instructed to either turn off or turn on during a sleep cycle/hibernation cycle/shut down/startup event.
Thanks to Dave76 for help understanding possible causes.
We will start with the common problems first (see bold possible causes). Do the following steps and test by doing your normal routine after each step to see if stability increases (the memory tests you can run concurrently as they will not increase stability unless you are forced to move modules around). Post back your results after each step, and if you get a blue screen crash, upload the files again and await further instructions after we are able to analyze the crash.
If you can do your normal routine for a few weeks without a crash, and your crashes are usually more frequent than that, then the problem is likely solved.
- If you are overclocking any hardware, please stop.
- First, see if the driver updates above help, then proceed with the following steps if the system still is not stable.
- Try re-installing DirectX using the Download: DirectX Redist (June 2010) - Microsoft Download Center - Download Details and see how the system responds.
Follow the steps for Diagnosing basic problems with DirectX. To re-install your display card drivers as outlined in the DirectX link, use the following steps.
- Download the latest drivers for your display card(s)
- Click Start Menu
- Right Click My Computer/Computer
- Click Manage
- Click Device Manager from the list on the left
- Expand Display adapters
- Do the following for each adapter (in case you have multiple display cards)
- Right click the adapter
- Click Uninstall (do not click OK in the dialog box that pops up after hitting Uninstall)
- Put a tick in Delete driver software for this device (if this option is available, otherwise just hit OK) and hit OK
- Restart your computer after uninstalling drivers for all display cards
- Install the latest driver for the display cards once Windows starts
Alternatively:
- Login as an adminstrative user
- Download the latest drivers for your display card(s)
- Click Start Menu
- Click Control Panel
- Click Hardware and Sound
- Click Device Manager (the last link under Devices and Printers)
- Expand Display adapters
- Do the following for each adapter (in case you have multiple display cards)
- Right click the adapter
- Click Uninstall (do not click OK in the dialog box that pops up after hitting Uninstall)
- Put a tick in Delete driver software for this device (if this option is available, otherwise just hit OK) and hit OK
- Restart your computer after uninstalling drivers for all display cards
- Install the latest driver for the display cards once Windows starts
- Run the boot version of Memtest86+ paying close attention to Parts 2 and 3 of the tutorial. Also, in case Memtest86+ misses anything and comes up with no errors, run the extended version of the Windows Memory Diagnostics Tool for at least five passes. These you may want to run overnight since they take a long time to complete (run them an hour before bed each of the next two nights and check before going to sleep that they are still running).
If you swap any memory components, follow these steps for ESD safety:
- Shut down and turn off your computer.
- Unplug all power supplies to the computer (AC Power then battery for laptops, AC power for desktops)
- Hold down the power button for 30 seconds to close the circuit and ensure all power drains from components.
- Make sure you are grounded by using proper grounding techniques, i.e. work on an anti-static workbench, anti-static desk, or an anti-static pad. Hold something metallic while touching it to the anti-static surface, or use an anti-static wristband to attach to the anti-static material while working.
Once these steps have been followed, it is safe to remove and replace components within your computer.
Update to Service Pack 1 (SP1)
Links to Service Pack 1 (SP1) and preparation for SP1 courtesy of JMH
Install all remaining Windows updates once SP1 has been installed.