Windows 7 Forums

Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: BSOD ntoskrnl.exe and NTFS.sys

31 May 2013   #21
ncsweeney

Windows 7 Ultimate x64
 
 

here it is


My System SpecsSystem Spec
.
31 May 2013   #22
Arc

Microsoft Community Contributor Award Recipient

Microsoft Windows 10 Pro Insider Preview 64-bit
 
 

Let us check the modules which are making the system crash.

avast! Virtualization Driver
Code:
fffff880`099083f8  fffff880`03ca5efaUnable to load image \SystemRoot\System32\Drivers\aswSnx.SYS, Win32 error 0n2
*** WARNING: Unable to verify timestamp for aswSnx.SYS
*** ERROR: Module load completed but symbols could not be loaded for aswSnx.SYS
 aswSnx+0x6efa
Description here: Driver Reference Table - aswSnx.SYS

avast! Self Protection Driver
Code:
fffff880`099083e8  fffff880`03f3dcbcUnable to load image \SystemRoot\System32\Drivers\aswSP.SYS, Win32 error 0n2
*** WARNING: Unable to verify timestamp for aswSP.SYS
*** ERROR: Module load completed but symbols could not be loaded for aswSP.SYS
 aswSP+0x48cbc
Description here: Driver Reference Table - aswSP.SYS

Uninstall Avast using Avast Uninstall Utility. Use Microsoft Security Essentials as your antivirus with windows inbuilt firewall, and free MBAM as the on demand scanner.
Download, install and update those, and then run full system scans with both of them, one by one.

Let us know the result.
_______________________________________________________________________________
BSOD ANALYSIS:
Code:
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck A, {fffffa802e299010, 2, 1, fffff80003137ca6}

Probably caused by : memory_corruption ( nt!MiReleaseConfirmedPageFileSpace+86 )

Followup: MachineOwner
---------

2: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high.  This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: fffffa802e299010, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000001, bitfield :
    bit 0 : value 0 = read operation, 1 = write operation
    bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: fffff80003137ca6, address which referenced memory

Debugging Details:
------------------


WRITE_ADDRESS: GetPointerFromAddress: unable to read from fffff800032b2100
GetUlongFromAddress: unable to read from fffff800032b21c0
 fffffa802e299010 Nonpaged pool

CURRENT_IRQL:  2

FAULTING_IP: 
nt!MiReleaseConfirmedPageFileSpace+86
fffff800`03137ca6 480fb328        btr     qword ptr [rax],rbp

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  WIN7_DRIVER_FAULT

BUGCHECK_STR:  0xA

PROCESS_NAME:  WerFault.exe

TRAP_FRAME:  fffff88009908620 -- (.trap 0xfffff88009908620)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=fffffa800e499010 rbx=0000000000000000 rcx=0000000000000000
rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000
rip=fffff80003137ca6 rsp=fffff880099087b0 rbp=00000000ff000000
 r8=fffff880099087e0  r9=fffffa80100426c0 r10=0000000000000000
r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0         nv up ei pl zr na po nc
nt!MiReleaseConfirmedPageFileSpace+0x86:
fffff800`03137ca6 480fb328        btr     qword ptr [rax],rbp ds:fffffa80`0e499010=0100000000000000
Resetting default scope

LAST_CONTROL_TRANSFER:  from fffff8000307a1a9 to fffff8000307ac00

STACK_TEXT:  
fffff880`099084d8 fffff800`0307a1a9 : 00000000`0000000a fffffa80`2e299010 00000000`00000002 00000000`00000001 : nt!KeBugCheckEx
fffff880`099084e0 fffff800`03078e20 : fffff880`09908670 fffff800`03056450 fffffa80`00001000 00000000`00000000 : nt!KiBugCheckDispatch+0x69
fffff880`09908620 fffff800`03137ca6 : fffffa80`10042a58 00000000`00000000 fffffa80`0e415920 fffff704`4000cc40 : nt!KiPageFault+0x260
fffff880`099087b0 fffff800`030ebbda : 00000000`000000a8 fffff680`00011a00 00000000`02a98000 fffffa80`10042c60 : nt!MiReleaseConfirmedPageFileSpace+0x86
fffff880`09908830 fffff800`030ad7d9 : 00000000`00000000 00000000`02f10fff fffffa80`00000000 fffff880`00000000 : nt! ?? ::FNODOBFM::`string'+0x34f16
fffff880`099089f0 fffff800`033951c1 : fffffa80`0ffc0610 00000000`00000000 00000000`00000000 00000000`00000000 : nt!MiRemoveMappedView+0xd9
fffff880`09908b10 fffff800`033955c3 : 0000007f`00000000 00000000`02340000 fffffa80`00000001 fffffa80`0f8d8010 : nt!MiUnmapViewOfSection+0x1b1
fffff880`09908bd0 fffff800`03079e93 : 00000000`00000000 00000000`02f10808 fffffa80`100426c0 00000000`00000000 : nt!NtUnmapViewOfSection+0x5f
fffff880`09908c20 00000000`773e15ba : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`0023e098 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x773e15ba


STACK_COMMAND:  kb

FOLLOWUP_IP: 
nt!MiReleaseConfirmedPageFileSpace+86
fffff800`03137ca6 480fb328        btr     qword ptr [rax],rbp

SYMBOL_STACK_INDEX:  3

SYMBOL_NAME:  nt!MiReleaseConfirmedPageFileSpace+86

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: nt

DEBUG_FLR_IMAGE_TIMESTAMP:  5147d9c6

IMAGE_NAME:  memory_corruption

FAILURE_BUCKET_ID:  X64_0xA_nt!MiReleaseConfirmedPageFileSpace+86

BUCKET_ID:  X64_0xA_nt!MiReleaseConfirmedPageFileSpace+86

Followup: MachineOwner
---------
My System SpecsSystem Spec
31 May 2013   #23
ncsweeney

Windows 7 Ultimate x64
 
 

Thanks, I'll try that tonight after work.
My System SpecsSystem Spec
.

02 Jun 2013   #24
ncsweeney

Windows 7 Ultimate x64
 
 

alrighty, so i uninstalled avast. installed MS security essentials and ran a full scan. no problems there. now installed malware bytes and am running that full scan. ill let you know if i have any problems
My System SpecsSystem Spec
02 Jun 2013   #25
Arc

Microsoft Community Contributor Award Recipient

Microsoft Windows 10 Pro Insider Preview 64-bit
 
 

The scans are for safety reason, as the antivirus was failing and causing BSODs.

Let us know how the system is running without avast.
My System SpecsSystem Spec
02 Jun 2013   #26
ncsweeney

Windows 7 Ultimate x64
 
 

will do. you guys are awesome by the way! =)
My System SpecsSystem Spec
06 Jun 2013   #27
ncsweeney

Windows 7 Ultimate x64
 
 

the joy continues...
My System SpecsSystem Spec
07 Jun 2013   #28
Arc

Microsoft Community Contributor Award Recipient

Microsoft Windows 10 Pro Insider Preview 64-bit
 
 

Your crash dumps are not showing any finite probable cause. In such a situation, it is better to enable Driver Verifier to monitor the drivers.
Driver Verifier - Enable and Disable
Run Driver Verifier for 24 hours or the occurrence of the next crash, whichever is earlier.

information   Information
Why Driver Verifier:
It puts a stress on the drivers, ans so it makes the unstable drivers crash. Hopefully the driver that crashes is recorded in the memory dump.

How Can we know that DV is enabled:
It will make the system bit of slow, laggy.

warning   Warning
Before enabling DV, make it sure that you have earlier System restore points made in your computer. You can check it easily by using CCleaner looking at Tools > System Restore.

If there is no points, make a System Restore Point manually before enabling DV.

Tip   Tip

Let us know the results, with the subsequent crash dumps, if any.
My System SpecsSystem Spec
09 Jun 2013   #29
ncsweeney

Windows 7 Ultimate x64
 
 

so, been running the verifier. have had a couple crashes. not sure if they actually made a dump log because it just froze up into a blurry screen with the speakers buzzing. here is the crash log anyway. oh, and i turned off the verifier now
My System SpecsSystem Spec
09 Jun 2013   #30
Arc

Microsoft Community Contributor Award Recipient

Microsoft Windows 10 Pro Insider Preview 64-bit
 
 

There is no new crash dump after 06/06 ..... so probably we have to wait for another incident.
My System SpecsSystem Spec
Reply

 BSOD ntoskrnl.exe and NTFS.sys




Thread Tools Search this Thread
Search this Thread:

Advanced Search




Similar help and support threads
Thread Forum
BSOD's ntfs.sys and ntoskrnl.exe
Hello all. Ok so unfortunately I only have one of the two minidump files available from the last two BSOD's I've had. I have the one from about a month ago because I saved it to my USB stick, however I had another BSOD last night, which created a new dumpfile as expected, but today it's now...
BSOD Help and Support
BSOD Address:ntoskrnl.exe+75bc0; dxgmms1.sys,ntoskrnl.exe,Ntfs.sys
Hi, to make things easier for you,below is the Bug Check String, Driver, and crash address SYSTEM_SERVICE_EXCEPTION___dxgmms1.sys___ntoskrnl.exe+75bc0 MEMORY_MANAGEMENT_______ntoskrnl.exe____ntoskrnl.exe+75bc0 SYSTEM_SERVICE_EXCEPTION___ntoskrnl.exe____ntoskrnl.exe+75bc0...
BSOD Help and Support
BSOD caused by ntfs.sys & ntoskrnl.exe
Hi Guys ... For some obscure reason my system keeps crashing when it is on idle mode. I keep gettin that darn infernal msg that the crash was caused by ntfs.sys I have tried each and everythin possible that I know of yet the issue is not resolved. The dump files are attached. Hopefully I...
BSOD Help and Support
BSOD - ntoskrnl.exe and ntfs.sys
Hello, I am having BSOD randomly and it can occur even when I am not doing anything. I am using a toshiba satellite laptop and run on an ssd vertex3 ocz operating on windows 7 ultimate. There are two different stop codes, the one that occurs most frequently is 0x000000f4 and the other is...
BSOD Help and Support
bsod caused by ntoskrnl.exe and Ntfs.sys
hello, i've recently bought a new computer but finding it frustrating that i keep getting the bsod randomly as i use my computer. using blue screenview, its saying that the bsod was caused by ntoskrnl.exe and Ntfs.sys. i am in desperate need of help and would be very grateful for any solutions...
BSOD Help and Support
BSOD after upgrading RAM, especially ntfs.sys and ntoskrnl.exe
Hello everyone, my nameís fadli. Iím a newbie here, and also this is my first post so far. For some times Iíve had used this website to troubleshoot all my problems and so many have been repaired, but this time itís killing me so much to repair this problem. Okay here it is , 3 days ago I...
BSOD Help and Support


Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd

All times are GMT -5. The time now is 13:13.

Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App