Problematic Software:
Code:
ascservice.exe c:\program files (x86)\iobit\advanced systemcare 5\ascservice.exe 760 13 200 1380 21/3/2012 7:09 μμ 5.0.0.39 892,34 KB (913.752 bytes) 18/3/2012 11:32 μμ
asctray.exe c:\program files (x86)\iobit\advanced systemcare 5\asctray.exe 2468 8 200 1380 21/3/2012 7:09 μμ 5.2.0.257 560,84 KB (574.296 bytes) 18/3/2012 11:32 μμ
Many of us on the forums actually do not recommend automated optimization tools for Windows 7. Windows 7 does a much better job of handling its own optimization than its predecessors did. We especially do not recommend registry cleaning as an "optimization" step because automated registry cleaning causes more harm to the registry than it actually repairs.
In the future, if you need help optimizing Windows 7, please post a thread in Performance & Maintenance - Windows 7 Forums or follow the tutorial enclosed in that forum to Optimize Windows 7.
Remove:
Code:
ssscheduler.exe c:\program files (x86)\mcafee security scan\2.0.181\ssscheduler.exe 2620 8 200 1380 21/3/2012 7:09 μμ 2.0.181.0 249,55 KB (255.536 bytes) 15/1/2010 2:49 μμ
Security Software: ????
Possible out of date drivers:
Code:
RTKVHD64 fffff880`08e14000 fffff880`08f7df80 Thu Jul 24 04:05:39 2008 (488853f3) 0016db24 RTKVHD64.sys
gdrv fffff880`09a9b000 fffff880`09aa4000 Fri Aug 08 12:28:54 2008 (489c9066) 00009d45 gdrv.sys
jraid fffff880`00dd3000 fffff880`00dee000 Mon Nov 03 19:20:09 2008 (490fb159) 0001ef62 jraid.sys
Rt64win7 fffff880`07d72000 fffff880`07da4000 Thu Feb 26 02:04:13 2009 (49a65b0d) 000361a5 Rt64win7.sys
RTKVHD64.sys
gdrv.sys
jraid.sys
Rt64win7.sys
Update the above drivers. If you cannot find an update to the Gigabyte Easy Saver - mobo power utility, remove the software. When the power utility is out of date, it is known to cause crashes.
Code:
- Loading Dump File [D:\Kingston\BSODDmpFiles\WardenGr\Windows_NT6_BSOD_jcgriff2\032112-16161-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*C:\SymCache*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7600 MP (8 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 7600.16841.amd64fre.win7_gdr.110622-1503
Machine Name:
Kernel base = 0xfffff800`02e1f000 PsLoadedModuleList = 0xfffff800`0305ce70
Debug session time: Wed Mar 21 11:03:46.958 2012 (UTC - 6:00)
System Uptime: 0 days 0:03:51.004
Loading Kernel Symbols
...............................................................
................................................................
................
Loading User Symbols
Loading unloaded module list
....
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 1A, {41284, 3a4d001, 0, fffff70001080000}
Probably caused by : ntkrnlmp.exe ( nt! ?? ::FNODOBFM::`string'+4a13 )
Followup: MachineOwner
---------
6: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
MEMORY_MANAGEMENT (1a)
# Any other values for parameter 1 must be individually examined.
Arguments:
Arg1: 0000000000041284, A PTE or the working set list is corrupt.
Arg2: 0000000003a4d001
Arg3: 0000000000000000
Arg4: fffff70001080000
Debugging Details:
------------------
BUGCHECK_STR: 0x1a_41284
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
PROCESS_NAME: firefox.exe
CURRENT_IRQL: 0
LAST_CONTROL_TRANSFER: from fffff80002ee42e3 to fffff80002e8f5c0
STACK_TEXT:
fffff880`0b885978 fffff800`02ee42e3 : 00000000`0000001a 00000000`00041284 00000000`03a4d001 00000000`00000000 : nt!KeBugCheckEx
fffff880`0b885980 fffff800`02ec1aaa : cd600001`0db09025 fffffa80`05145c20 fffff880`0b885a40 fffffa80`078ffd80 : nt! ?? ::FNODOBFM::`string'+0x4a13
fffff880`0b8859c0 fffff800`02e5db7e : fffffa80`0837d490 fffff880`0112b711 00000000`00000001 cd600001`0db09025 : nt!MiGetPageProtection+0xaa
fffff880`0b885a00 fffff800`02e5d81a : fffffa80`05145c20 fffffa80`07d2e060 fffffa80`07d2e060 00000000`03a4d000 : nt!MiQueryAddressState+0x2ae
fffff880`0b885a50 fffff800`031738f8 : 00000000`00000002 00000000`03a4e000 fffffa80`05145c20 00000000`032ff970 : nt!MiQueryAddressSpan+0xaa
fffff880`0b885ac0 fffff800`02e8e813 : ffffffff`ffffffff fffffa80`07984b60 00000000`00000000 00000000`0270e758 : nt!NtQueryVirtualMemory+0x386
fffff880`0b885bb0 00000000`7733f8ea : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`0270e738 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x7733f8ea
STACK_COMMAND: kb
FOLLOWUP_IP:
nt! ?? ::FNODOBFM::`string'+4a13
fffff800`02ee42e3 cc int 3
SYMBOL_STACK_INDEX: 1
SYMBOL_NAME: nt! ?? ::FNODOBFM::`string'+4a13
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 4e02aa44
FAILURE_BUCKET_ID: X64_0x1a_41284_nt!_??_::FNODOBFM::_string_+4a13
BUCKET_ID: X64_0x1a_41284_nt!_??_::FNODOBFM::_string_+4a13
Followup: MachineOwner
---------
-
Loading Dump File [D:\Kingston\BSODDmpFiles\WardenGr\Windows_NT6_BSOD_jcgriff2\032112-24944-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*C:\SymCache*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7600 MP (8 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 7600.16841.amd64fre.win7_gdr.110622-1503
Machine Name:
Kernel base = 0xfffff800`02e4d000 PsLoadedModuleList = 0xfffff800`0308ae70
Debug session time: Wed Mar 21 10:20:41.219 2012 (UTC - 6:00)
System Uptime: 0 days 0:03:15.265
Loading Kernel Symbols
...............................................................
................................................................
..................
Loading User Symbols
Loading unloaded module list
....
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 50, {fffffa8019c42c50, 0, fffff80002ee773b, 2}
Could not read faulting driver name
Probably caused by : memory_corruption ( nt!MmUnmapViewInSystemCache+1cc )
Followup: MachineOwner
---------
4: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
PAGE_FAULT_IN_NONPAGED_AREA (50)
Invalid system memory was referenced. This cannot be protected by try-except,
it must be protected by a Probe. Typically the address is just plain bad or it
is pointing at freed memory.
Arguments:
Arg1: fffffa8019c42c50, memory referenced.
Arg2: 0000000000000000, value 0 = read operation, 1 = write operation.
Arg3: fffff80002ee773b, If non-zero, the instruction address which referenced the bad memory
address.
Arg4: 0000000000000002, (reserved)
Debugging Details:
------------------
Could not read faulting driver name
READ_ADDRESS: GetPointerFromAddress: unable to read from fffff800030f50e0
fffffa8019c42c50
FAULTING_IP:
nt!MmUnmapViewInSystemCache+1cc
fffff800`02ee773b 8b5d00 mov ebx,dword ptr [rbp]
MM_INTERNAL_CODE: 2
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0x50
PROCESS_NAME: System
CURRENT_IRQL: 0
TRAP_FRAME: fffff88003345870 -- (.trap 0xfffff88003345870)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000058000000000 rbx=0000000000000000 rcx=0000000fffffffff
rdx=0000000000000002 rsi=0000000000000000 rdi=0000000000000000
rip=fffff80002ee773b rsp=fffff88003345a00 rbp=fffffa8019c42c50
r8=fffff780c0000000 r9=fffff98016817000 r10=fffffa800851b790
r11=fffff80003049e00 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei ng nz na po cy
nt!MmUnmapViewInSystemCache+0x1cc:
fffff800`02ee773b 8b5d00 mov ebx,dword ptr [rbp] ss:fffffa80`19c42c50=????????
Resetting default scope
LAST_CONTROL_TRANSFER: from fffff80002f3c7d2 to fffff80002ebd5c0
STACK_TEXT:
fffff880`03345708 fffff800`02f3c7d2 : 00000000`00000050 fffffa80`19c42c50 00000000`00000000 fffff880`03345870 : nt!KeBugCheckEx
fffff880`03345710 fffff800`02ebb6ae : 00000000`00000000 fffff980`16816008 00000038`00000000 00000000`00000001 : nt! ?? ::FNODOBFM::`string'+0x40d80
fffff880`03345870 fffff800`02ee773b : 00000000`00001d64 fffffa80`01ae5420 fffff880`03345b40 fffff880`03345b40 : nt!KiPageFault+0x16e
fffff880`03345a00 fffff800`031d103d : fffff980`16817000 fffff8a0`09470af0 00000000`00000001 00000000`00000001 : nt!MmUnmapViewInSystemCache+0x1cc
fffff880`03345ce0 fffff800`02ed63b7 : 00000000`000c0000 fffffa80`04ee7de0 00000000`00000000 00000000`00100000 : nt!CcUnmapVacb+0x5d
fffff880`03345d20 fffff800`02edc205 : 00000000`00000001 00000000`00100000 fffffa80`050b7910 00000000`00000001 : nt!CcUnmapVacbArray+0x1b7
fffff880`03345db0 fffff800`031c0672 : 00000000`00100000 00000000`00100000 fffff880`03345f08 fffff880`03345f00 : nt!CcGetVirtualAddress+0x2c5
fffff880`03345e40 fffff880`012ae7cb : 00000000`00000000 fffffa80`04f35b60 fffff880`033462f8 00000000`0000000f : nt!CcMapData+0xd2
fffff880`03345f00 fffff880`01223a34 : 00000000`00100000 fffff880`033460d0 00000000`00100000 fffff880`01227b69 : Ntfs!NtfsMapStream+0x5b
fffff880`03345f40 fffff880`0122773c : fffff880`03346390 fffff8a0`094b0ac0 00000000`206c644d 00000000`00000000 : Ntfs!NtfsLockFileRange+0xa4
fffff880`03345fd0 fffff880`0122da12 : fffff880`03346390 fffffa80`081e6800 fffffa80`05d0e180 fffff8a0`094b0ac0 : Ntfs!NtfsNonCachedIo+0x91a
fffff880`033461a0 fffff880`01232413 : fffff880`03346390 fffffa80`081e6800 fffff880`03346500 fffff880`03346501 : Ntfs!NtfsCommonWrite+0x872
fffff880`03346360 fffff880`0110e23f : fffffa80`081e6ba0 fffffa80`081e6800 fffffa80`054b9a30 00000000`00000000 : Ntfs!NtfsFsdWrite+0x1c3
fffff880`033465e0 fffff880`0110c6df : fffffa80`05e6c900 fffffa80`0851b790 fffffa80`05e6c900 fffffa80`081e6800 : fltmgr!FltpLegacyProcessingAfterPreCallbacksCompleted+0x24f
fffff880`03346670 fffff800`02eac1bf : fffffa80`081e6800 fffff880`03346c58 fffffa80`07e13010 00000000`00000000 : fltmgr!FltpDispatch+0xcf
fffff880`033466d0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!IoSynchronousPageWrite+0x24f
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!MmUnmapViewInSystemCache+1cc
fffff800`02ee773b 8b5d00 mov ebx,dword ptr [rbp]
SYMBOL_STACK_INDEX: 3
SYMBOL_NAME: nt!MmUnmapViewInSystemCache+1cc
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
DEBUG_FLR_IMAGE_TIMESTAMP: 4e02aa44
IMAGE_NAME: memory_corruption
FAILURE_BUCKET_ID: X64_0x50_nt!MmUnmapViewInSystemCache+1cc
BUCKET_ID: X64_0x50_nt!MmUnmapViewInSystemCache+1cc
Followup: MachineOwner
---------
- Possible causes are Memory problems... Drivers...
- Possible causes are Memory problems... Drivers... Hard disk errors... system file corruption... Missing Windows Updates... Other possible causes include Antivirus Software... Graphics card memory problems... BIOS...
Thanks to Dave76 for help understanding possible causes.
We will start with the common problems first (see bold possible causes). Do the following steps and test by doing your normal routine after each step to see if stability increases (the memory tests you can run concurrently as they will not increase stability unless you are forced to move modules around). Post back your results after each step, and if you get a blue screen crash, upload the files again and await further instructions after we are able to analyze the crash.
If you can do your normal routine for a few weeks without a crash, and your crashes are usually more frequent than that, then the problem is likely solved.
- If you are overclocking any hardware, please stop.
- Run Disk Check with both boxes checked for all HDDs and with Automatically fix file system errors checked for all SSDs. Post back your logs for the checks after finding them using Check Disk (chkdsk) - Read Event Viewer Log.
For any drives that do not give the message:
Windows has checked the file system and found no problems
run disk check again as above. In other words, if it says:
Windows has made corrections to the file system
after running the disk check, run the disk check again.
- Run SFC /SCANNOW Command - System File Checker up to three times to fix all errors with a restart in between each. Post back if it continues to show errors after a fourth run or if the first run comes back with no integrity violations.
- Install all Windows Updates.
- Run the boot version of Memtest86+ paying close attention to Parts 2 and 3 of the tutorial. Also, in case Memtest86+ misses anything and comes up with no errors, run the extended version of the Windows Memory Diagnostics Tool for at least five passes. These you may want to run overnight since they take a long time to complete (run them an hour before bed each of the next two nights and check before going to sleep that they are still running).
If you swap any memory components, follow these steps for ESD safety:
- Shut down and turn off your computer.
- Unplug all power supplies to the computer (AC Power then battery for laptops, AC power for desktops)
- Hold down the power button for 30 seconds to close the circuit and ensure all power drains from components.
- Make sure you are grounded by using proper grounding techniques, i.e. work on an anti-static workbench, anti-static desk, or an anti-static pad. Hold something metallic while touching it to the anti-static surface, or use an anti-static wristband to attach to the anti-static material while working.
Once these steps have been followed, it is safe to remove and replace components within your computer.
- An underlying driver may be incompatible\conflicting with your system. Run Driver Verifier to find any issues. To run Driver Verifier, do the following:
a.
Backup your system and user files
b.
Create a system restore point
c. If you do not have a Windows 7 DVD,
Create a system repair disc
d. In Windows 7:
- Click the Start Menu
- Type verifier in Search programs and files (do not hit enter)
- Right click verifier and click Run as administrator
- Put a tick in Create custom settings (for code developers) and click next
- Put a tick in Select individual settings from a full list and click next
- Set up the individual settings as in the image and click next
Attachment 203914 - Put a tick in Select driver names from a list
- Put a tick next to all non-Microsoft drivers.
- Click Finish.
- Restart your computer.
If Windows cannot start in normal mode with driver verifier running, start in safe mode. If it cannot start in safe mode or normal mode, restore the system restore point using
System Restore OPTION TWO.
Thanks to zigzag3143 for contributing to the Verifier steps.
If you are unable to start Windows with all drivers being verified or if the blue screen crashes fail to create .dmp files, run them in groups of 5 or 10 until you find a group that causes blue screen crashes and stores the blue screen .dmp files.
The idea with Verifier is to cause the system to crash, so do the things you normally do that cause crashes. After you have a few crashes, upload the crash reports for us to take a look and try to find patterns.