Win7 64bit, ntoskrnl.exe - DRIVER_VERIFIER_DETECTED_VIOLATION


  1. Posts : 2
    Windows 7 Professional 64-bit
       #1


    Hi.

    I recently added an installation of Windows 7 Pro 64-bit on my home-built system that was running Windows XP 32bit in a dual-boot configuration. Windows XP runs flawlessly -- almost never a BSOD, and not one since I upgraded to a quad core CPU and stopped overclocking the system (I am no longer doing any overclocking -- everything is at stock and automatic BIOS settings).

    However I've been having multiple BSODs with Windows 7, almost once a day or every other day. I installed WhoCrashed (Resplendence Software - WhoCrashed, automatic crash dump analyzer), and it tells me that most of my crashes are caused by ntoskrnl.exe, but since that is a part of the OS, I figured there was another problem.

    I have not installed a lot of software yet and my drivers should be current.

    I then activated Windows Driver Verifier and got a DRIVER_VERIFIER_DETECTED_VIOLATION, but I don't know how to interpret the results.

    Can someone please look at my minidump logs and point me in the right direction? Please let me know if there is any other information I can provide. Thanks!


  2. Posts : 5,705
    Win7 x64 + x86
       #2

    9 memory dumps, from 31 May to 06 Jul 2010
    6 different STOP error codes, blaming 8 different causes

    Please turn Driver Verifier off by selecting "Delete existing settings" in the first screen.

    Driver Verifier detects a violation in procexp141.sys - this is a loaded driver from SysInternals Process Explorer program (in most cases). Are you using that program - and is it constantly running on your system? If Process Explorer is constantly running on your system - then it's possible that a corruption of the program has caused this issue.

    If you're not constantly running it, then the Driver Verifier results probably aren't significant. The 8 different causes are significant tho' - and since they span numerous different sub-systems of Windows it's most likely that there is a hardware problem with your system.

    Please run these free diagnostics:
    H/W Diagnostics:
    Please start by running these bootable hardware diagnostics:
    Memory Diagnostics (read the details at the link)
    HD Diagnostic (read the details at the link)

    Also, please run one of these free, independent online malware scans to ensure that your current protection hasn't been compromised: Malware (read the details at the link)

    Then, if the above tests pass, I'd try these free stress tests:
    FurMark download site: FurMark: Graphics Card Stability and Stress Test, OpenGL Benchmark and GPU Temperature | oZone3D.Net
    FurMark Setup:
    - If you have more than one GPU, select Multi-GPU during setup
    - In the Run mode box, select "Stability Test" and "Log GPU Temperature"
    Click "Go" to start the test
    - Run the test until the GPU temperature maxes out - or until you start having problems (whichever comes first).
    - Click "Quit" to exit
    Prime95 download site: Free Software - GIMPS
    Prime95 Setup:
    - extract the contents of the zip file to a location of your choice
    - double click on the executable file
    - select "Just stress testing"
    - select the "Blend" test. If you've already run MemTest overnight you may want to run the "Small FFTs" test instead.
    - "Number of torture test threads to run" should equal the number of CPUs times 2 (if you're using hyperthreading).
    The easiest way to figure this out is to go to Task Manager...Performance tab - and see the number of boxes under CPU Usage History
    Then run the test for 6 to 24 hours - or until you get errors (whichever comes first).
    This won't necessarily crash the system - but check the output in the test window for errors.
    The Test selection box and the stress.txt file describe which components the program stresses.
    BSOD BUGCHECK SUMMARY
    Code:
    
    Built by: 7600.16539.amd64fre.win7_gdr.100226-1909
    Debug session time: Sat Jul  3 19:47:10.526 2010 (UTC - 4:00)
    System Uptime: 0 days 6:53:26.212
    BugCheck C4, {f6, 354, fffff9809248ab30, fffff80002da7c76}
    *** WARNING: Unable to verify timestamp for PROCEXP141.SYS
    *** ERROR: Module load completed but symbols could not be loaded for PROCEXP141.SYS
    Probably caused by : PROCEXP141.SYS ( PROCEXP141+1bb7 )
    BUGCHECK_STR:  0xc4_f6
    DEFAULT_BUCKET_ID:  VERIFIER_ENABLED_VISTA_MINIDUMP
    PROCESS_NAME:  procexp64.exe
    ииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииии
    Built by: 7600.16539.amd64fre.win7_gdr.100226-1909
    Debug session time: Tue Jun 29 19:25:38.357 2010 (UTC - 4:00)
    System Uptime: 0 days 6:47:15.386
    BugCheck 3B, {c0000005, fffff80002dbc94c, fffff88008b4a0e0, 0}
    Probably caused by : ntkrnlmp.exe ( nt!ObReferenceObjectByHandleWithTag+10c )
    BUGCHECK_STR:  0x3B
    PROCESS_NAME:  connectaddin.e
    ииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииии
    Built by: 7600.16539.amd64fre.win7_gdr.100226-1909
    Debug session time: Sat Jun 19 22:57:03.106 2010 (UTC - 4:00)
    System Uptime: 0 days 3:10:03.151
    BugCheck 3B, {c0000005, fffff80002bf20f3, fffff88007a2c9c0, 0}
    Probably caused by : dxgmms1.sys ( dxgmms1!VIDMM_GLOBAL::CloseOneAllocation+275 )
    BUGCHECK_STR:  0x3B
    PROCESS_NAME:  dwm.exe
    ииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииии
    Built by: 7600.16539.amd64fre.win7_gdr.100226-1909
    Debug session time: Sat Jun 19 19:45:04.431 2010 (UTC - 4:00)
    System Uptime: 0 days 0:28:31.086
    BugCheck 1E, {0, 0, 0, 0}
    *** WARNING: Unable to verify timestamp for fvevol.sys
    *** ERROR: Module load completed but symbols could not be loaded for fvevol.sys
    Probably caused by : CLASSPNP.SYS ( CLASSPNP!ServiceTransferRequest+27d )
    BUGCHECK_STR:  0x1E_0
    PROCESS_NAME:  System
    ииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииии
    Built by: 7600.16539.amd64fre.win7_gdr.100226-1909
    Debug session time: Thu Jun 10 23:19:47.069 2010 (UTC - 4:00)
    System Uptime: 0 days 0:12:30.968
    BugCheck 1E, {0, 0, 0, 0}
    Probably caused by : ntkrnlmp.exe ( nt!KiKernelCalloutExceptionHandler+e )
    BUGCHECK_STR:  0x1E_0
    PROCESS_NAME:  System
    ииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииии
    Built by: 7600.16539.amd64fre.win7_gdr.100226-1909
    Debug session time: Wed Jun  2 23:40:42.096 2010 (UTC - 4:00)
    System Uptime: 0 days 1:12:42.579
    BugCheck 7E, {ffffffffc0000005, fffff880058dec74, fffff880067c0128, fffff880067bf990}
    *** WARNING: Unable to verify timestamp for ha20x2k.sys
    *** ERROR: Module load completed but symbols could not be loaded for ha20x2k.sys
    *** WARNING: Unable to verify timestamp for ctoss2k.sys
    *** ERROR: Module load completed but symbols could not be loaded for ctoss2k.sys
    *** WARNING: Unable to verify timestamp for emupia2k.sys
    *** ERROR: Module load completed but symbols could not be loaded for emupia2k.sys
    *** WARNING: Unable to verify timestamp for CTHWIUT.SYS
    *** ERROR: Module load completed but symbols could not be loaded for CTHWIUT.SYS
    Probably caused by : ha20x2k.sys ( ha20x2k+b9c74 )
    PROCESS_NAME:  System
    BUGCHECK_STR:  0x7E
    ииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииии
    Built by: 7600.16539.amd64fre.win7_gdr.100226-1909
    Debug session time: Wed Jun  2 01:34:18.788 2010 (UTC - 4:00)
    System Uptime: 0 days 1:09:05.661
    BugCheck 3B, {c0000005, fffff88001082294, fffff88008644d80, 0}
    Probably caused by : fltmgr.sys ( fltmgr!memcpy+204 )
    BUGCHECK_STR:  0x3B
    PROCESS_NAME:  TrustedInstall
    ииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииии
    Built by: 7600.16539.amd64fre.win7_gdr.100226-1909
    Debug session time: Wed Jun  2 00:23:56.391 2010 (UTC - 4:00)
    System Uptime: 0 days 0:34:20.890
    BugCheck 19, {3, fffff8a0111fa4b0, fffff8a0111fa4b0, fbfff8a0111fa4b0}
    Probably caused by : Pool_Corruption ( nt!ExFreePool+780 )
    BUGCHECK_STR:  0x19_3
    PROCESS_NAME:  Setup.exe
    ииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииии
    Built by: 7600.16539.amd64fre.win7_gdr.100226-1909
    Debug session time: Mon May 31 14:05:16.576 2010 (UTC - 4:00)
    System Uptime: 0 days 17:10:43.074
    BugCheck 1000007E, {ffffffffc0000005, fffff88000e79c9c, fffff88003148428, fffff88003147c90}
    *** WARNING: Unable to verify timestamp for rtl8187.sys
    *** ERROR: Module load completed but symbols could not be loaded for rtl8187.sys
    Probably caused by : rtl8187.sys ( rtl8187+17206 )
    PROCESS_NAME:  System
    BUGCHECK_STR:  0x7E
    ииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииии
      
      
     
    
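The tally that opens reply #2 (9 dumps, 6 STOP codes, 8 causes) can be reproduced from the bugcheck summary itself, which is how the spread across unrelated drivers becomes visible. This is an added example, not part of the original posts: the function names are hypothetical, and the input is the BugCheck / "Probably caused by" lines copied from the summary above.

```python
import re
from collections import Counter

# BugCheck and "Probably caused by" lines copied from the summary in
# reply #2, in the same order (all other lines omitted).
SUMMARY = """\
BugCheck C4, {f6, 354, fffff9809248ab30, fffff80002da7c76}
Probably caused by : PROCEXP141.SYS ( PROCEXP141+1bb7 )
BugCheck 3B, {c0000005, fffff80002dbc94c, fffff88008b4a0e0, 0}
Probably caused by : ntkrnlmp.exe ( nt!ObReferenceObjectByHandleWithTag+10c )
BugCheck 3B, {c0000005, fffff80002bf20f3, fffff88007a2c9c0, 0}
Probably caused by : dxgmms1.sys ( dxgmms1!VIDMM_GLOBAL::CloseOneAllocation+275 )
BugCheck 1E, {0, 0, 0, 0}
Probably caused by : CLASSPNP.SYS ( CLASSPNP!ServiceTransferRequest+27d )
BugCheck 1E, {0, 0, 0, 0}
Probably caused by : ntkrnlmp.exe ( nt!KiKernelCalloutExceptionHandler+e )
BugCheck 7E, {ffffffffc0000005, fffff880058dec74, fffff880067c0128, fffff880067bf990}
Probably caused by : ha20x2k.sys ( ha20x2k+b9c74 )
BugCheck 3B, {c0000005, fffff88001082294, fffff88008644d80, 0}
Probably caused by : fltmgr.sys ( fltmgr!memcpy+204 )
BugCheck 19, {3, fffff8a0111fa4b0, fffff8a0111fa4b0, fbfff8a0111fa4b0}
Probably caused by : Pool_Corruption ( nt!ExFreePool+780 )
BugCheck 1000007E, {ffffffffc0000005, fffff88000e79c9c, fffff88003148428, fffff88003147c90}
Probably caused by : rtl8187.sys ( rtl8187+17206 )
"""

BUGCHECK = re.compile(r"^\s*BugCheck\s+([0-9A-Fa-f]+),\s*\{([^,}]*)")
CAUSE = re.compile(r"^\s*Probably caused by\s*:\s*(\S+)")

def parse_dumps(text):
    """Return one dict per dump: stop code, first argument, blamed module."""
    dumps = []
    for line in text.splitlines():
        if m := BUGCHECK.match(line):
            dumps.append({"code": m[1].upper(), "arg1": m[2].strip(), "cause": None})
        elif (m := CAUSE.match(line)) and dumps and dumps[-1]["cause"] is None:
            dumps[-1]["cause"] = m[1]
    return dumps

def spread(dumps):
    """Count dumps, distinct stop codes and distinct blamed modules."""
    codes = Counter(d["code"] for d in dumps)
    causes = Counter(d["cause"].lower() for d in dumps if d["cause"])
    return len(dumps), codes, causes

if __name__ == "__main__":
    n, codes, causes = spread(parse_dumps(SUMMARY))
    print(f"{n} dumps, {len(codes)} stop codes, {len(causes)} blamed modules")
```
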


  3. Posts : 2
    Windows 7 Professional 64-bit
    Thread Starter
       #3

    Thank you for the detailed response. Yes, I have been running Process Explorer a lot lately -- does it not play with Windows 7, or just cause problems with Driver Verifier?

    I'll start with the hardware diagnostics and post back later. Thanks again.

    --
    Christopher


  4. Posts : 5,705
    Win7 x64 + x86
       #4

    I use Process Explorer a lot and have never had a BSOD from it.
    But, I don't leave it running a long time, so I may have just been lucky.

    Most of my knowledge about Windows internals comes from the writer of Process Explorer.
    As such, I'd expect it to behave properly within Windows.
    When was the last time that you updated/downloaded a fresh copy of Process Explorer?

    Also, it's possible that procexp141.sys is accessing another problem driver - so it's indirectly involved in the crash. The way to figure this out is to remove Process Explorer from your system (and ensure that procexp141.sys is gone from C:\Windows\System32\drivers) - then run Driver Verifier to see what it points at.

    Finally, a hardware error can affect different things at different times (hence the different BSODs that you're getting) - but it can also be "picky" and only fault on something that does a certain action in a certain way. When using tools developed for advanced users, the likelihood of the tool accessing some seldom used part of a component is increased - so it's likely (IMO) that procexp141.sys is doing something unusual with the defective piece of hardware on your system, and that's why the errors appear as they do.

    Good luck!


 
