Plagued by random BSoDs

And last night I got another BSoD. It didn't dump (and it doesn't appear to have written to the log), it said something about memory issues. I don't recall the exact message, but if I see the message I'd reconise it.

Ran the memory tester again for 20 hours, with the lid closed and internal cooling only; this way, if the issue was from RAM and thermal-related, I would get failures. Result ended up as 11 pass and 0 fail, while I've had the BSoDs occur in less time with less processor load. I'm convinced that whatever driver is causing this gave Windows a false positive for bad memory in the most recent BSoD.

Quick update, just enabled Verifier again, set to only monitor the special pool (which is what triggered the previous Verifier dump). Hopefully this will have a minimal impact on preformance, compared to several of the other options.

EDIT: Quick side question, any way to get Windows to run a program with access to MEMORY.DMP on boot (not login)? I want to throw something quick together which will compress the MEMORY.DMPs automatically, or at least move them out of the way in case there is another crash before I grab the dump.

BSoD, PAGE_FAULT_IN_NONPAGED_AREA:

Code:

PAGE_FAULT_IN_NONPAGED_AREA (50)
Invalid system memory was referenced.  This cannot be protected by try-except,
it must be protected by a Probe.  Typically the address is just plain bad or it
is pointing at freed memory.
Arguments:
Arg1: fffff96000bd02a8, memory referenced.
Arg2: 0000000000000000, value 0 = read operation, 1 = write operation.
Arg3: fffff960000cd22a, If non-zero, the instruction address which referenced the bad memory
    address.
Arg4: 0000000000000002, (reserved)
(...)
STACK_TEXT:  
fffff880`02af0788 fffff800`035465e4 : 00000000`00000050 fffff960`00bd02a8 00000000`00000000 fffff880`02af08f0 : nt!KeBugCheckEx
fffff880`02af0790 fffff800`034c7cee : 00000000`00000000 fffff960`00bd02a8 00000000`40000100 fffff900`c0408a00 : nt! ?? ::FNODOBFM::`string'+0x43836
fffff880`02af08f0 fffff960`000cd22a : 00000000`0dc5fd20 fffffa80`09cb9630 fffff880`02af0b60 00000000`00022f78 : nt!KiPageFault+0x16e
fffff880`02af0a80 fffff960`000e2a2d : 00000000`000a05c0 00000000`fff5c000 00000000`0dc5fd20 00000000`fff5c000 : win32k!ValidateHwnd+0xda
fffff880`02af0ab0 fffff800`034c8e53 : fffffa80`09cb9630 00000000`0f44f1d8 00000000`00000000 00000000`0000c028 : win32k!NtUserGetProp+0x25
fffff880`02af0ae0 00000000`72a7feba : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`0dc5e5f8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x72a7feba

Dump is at http://cdusto.selfip.com/7f_dump_05.zip

Still waiting on a new Verifier bugcheck.

How does it rename the dump files? I just searched through the Windows/ tree, I don't see them, and there should be at least 2 from the past 24 hours...

Code:

c:\Windows>find | grep -i dmp$
find: `./Logs/SystemRestore': Permission denied
./LiveKernelReports/WATCHDOG/WD-20141129-2203.dmp
./LiveKernelReports/WATCHDOG/WD-20141214-2115.dmp
./LiveKernelReports/WATCHDOG/WD-20150103-1632.dmp
./LiveKernelReports/WATCHDOG/WD-20150105-1726.dmp
./LiveKernelReports/WATCHDOG/WD-20150108-2305.dmp
./LiveKernelReports/WATCHDOG/WD-20150116-1849.dmp
./LiveKernelReports/WATCHDOG/WD-20150124-1206.dmp
./LiveKernelReports/WATCHDOG/WD-20150125-1442.dmp
./LiveKernelReports/WATCHDOG/WD-20150130-0126.dmp
find: `./Logs/WindowsBackup': Permission denied
./MEMORY.DMP
find: `./PCHEALTH/ERRORREP/QHEADLES': Permission denied
find: `./PCHEALTH/ERRORREP/QSIGNOFF': Permission denied
./Minidump/020715-34133-01.dmp
./Minidump/020815-27768-01.dmp
./Minidump/020815-28516-01.dmp
./Minidump/020815-29016-01.dmp
./Minidump/020915-25802-01.dmp
./Minidump/021215-34944-01.dmp
find: `./Prefetch': Permission denied
./ServiceProfiles/LocalService/AppData/Local/CrashDumps/svchost.exe.1076.dmp
./ServiceProfiles/LocalService/AppData/Local/CrashDumps/svchost.exe.1980.dmp
./System32/com/dmp
find: `./System32/LogFiles/HTTPERR': Permission denied
./System32/LogFiles/WUDF/WudfHost_ext__1508.dmp
./SysWOW64/com/dmp
find: `./Temp/72ACDBDC-322C-447D-988B-A292E804BEC4-Sigs': Permission denied
find: `./Temp/SDIAG_3034da67-67e4-4a91-bbed-f5bb7d7602f9': Permission denied
./winsxs/amd64_microsoft-windows-icm-profiles_31bf3856ad364e35_6.1.7600.16385_none_f5547dd01f628131/wscRGB.cdmp
./winsxs/amd64_microsoft-windows-icm-profiles_31bf3856ad364e35_6.1.7600.16385_none_f5547dd01f628131/wsRGB.cdmp

(please note that I have the Cygwin find(1) in my %PATH% before the Windows find.exe)

Well, it doesn't appear to be doing that for some reason, and it is set to NOT overwrite the file. I might also note that the modification date is set to the 12th, so it would appear that it isn't writing the full dumps now. Setting it back to overwrite dumps.

Just started playing X Rebirth, which is a memory and CPU hog. I say memory hog since running it tends to cause everything else to swap out.

Well, it just hung on a Wait:WrPageIn, and is unable to be killed. I have Process Explorer dumping it right now, but a quick search indicates that it might be a driver problem. However, I'm unable to get a debugger attached to the kernel (but I did just `bcdedit -debug on`), so I can't really track the issue right now. I'm additionally unable to get a stack trace via Process Explorer ("Error accessing thread"), so I'm pretty much stuck right now, and going to have to reboot manually.

I should have kernel debug availible afterwards, though, so if I get this hang again, it might be possible to track down the driver. Unless, of course, this issue just now arose because of memory corruption...