Windows 7 Forums
Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: Win7 64bit, ntoskrnl.exe - DRIVER_VERIFIER_DETECTED_VIOLATION


06 Jul 2010   #1

Windows 7 Professional 64-bit
 
 
Win7 64bit, ntoskrnl.exe - DRIVER_VERIFIER_DETECTED_VIOLATION

Hi.

I recently added an installion Windows 7 Pro 64-bit on my home-built system that was running Windows XP 32bit in a dual-boot configuration. Windows XP runs flawlessly -- almost never a BSOD, and not one since I upgraded to a quad core CPU and stopped overclocking the system (I am no longer doing any overclocking -- everything is at stock and automatic BIOS settings).

However I've been having multiple BSODs with Windows 7, almost once a day or every other day. I installed WhoCrashed (Resplendence Software - WhoCrashed, automatic crash dump analyzer), and it tells me that most of my crashes are caused by ntoskrnl.exe, but since that is a part of the OS, I figured there was another problem.

I have not installed a lot of software yet and my drivers should be current.

I then activated Windows Driver Verifier and got a DRIVER_VERIFIER_DETECTED_VIOLATION, but I don't know how to interpret the results.

Can someone please look at my minidump logs and point me in the right direction? Please let me know if there is any other information I can provide. Thanks!

My System SpecsSystem Spec
.

07 Jul 2010   #2
Microsoft MVP

 
 

9 memory dumps, from 31 May to 06 Jul 2010
6 different STOP error codes, blaming 8 different causes

Please turn Driver Verifier off by selecting "Delete existing settings" in the first screen.

Driver Verifier detects a violation in procexp141.sys - this is a loaded driver from SysInternals Process Explorer program (in most cases). Are you using that program - and is it constantly running on your system? If Process Explorer is constantly running on your system - then it's possible that a corruption of the program has caused this issue.

If you're not constantly running it, then the Driver Verifier results probably aren't significant. The 8 different causes are significant tho' - and since they span numerous different sub-systems of Windows it's most likely that there is a hardware problem with your system.

Please run these free diagnostics:
Quote:
H/W Diagnostics:
Please start by running these bootable hardware diagnostics:
Memory Diagnostics (read the details at the link)
HD Diagnostic (read the details at the link)

Also, please run one of these free, independent online malware scans to ensure that your current protection hasn't been compromised: Malware (read the details at the link)

Then, if the above tests pass, I'd try these free stress tests:
Quote:
FurMark download site: FurMark: Graphics Card Stability and Stress Test, OpenGL Benchmark and GPU Temperature | oZone3D.Net
FurMark Setup:
- If you have more than one GPU, select Multi-GPU during setup
- In the Run mode box, select "Stability Test" and "Log GPU Temperature"
Click "Go" to start the test
- Run the test until the GPU temperature maxes out - or until you start having problems (whichever comes first).
- Click "Quit" to exit
Quote:
Prime95 download site: Free Software - GIMPS
Prime95 Setup:
- extract the contents of the zip file to a location of your choice
- double click on the executable file
- select "Just stress testing"
- select the "Blend" test. If you've already run MemTest overnight you may want to run the "Small FFTs" test instead.
- "Number of torture test threads to run" should equal the number of CPU's times 2 (if you're using hyperthreading).
The easiest way to figure this out is to go to Task Manager...Performance tab - and see the number of boxes under CPU Usage History
Then run the test for 6 to 24 hours - or until you get errors (whichever comes first).
This won't necessarily crash the system - but check the output in the test window for errors.
The Test selection box and the stress.txt file describes what components that the program stresses.
BSOD BUGCHECK SUMMARY
Code:

Built by: 7600.16539.amd64fre.win7_gdr.100226-1909
Debug session time: Sat Jul  3 19:47:10.526 2010 (UTC - 4:00)
System Uptime: 0 days 6:53:26.212
BugCheck C4, {f6, 354, fffff9809248ab30, fffff80002da7c76}
*** WARNING: Unable to verify timestamp for PROCEXP141.SYS
*** ERROR: Module load completed but symbols could not be loaded for PROCEXP141.SYS
Probably caused by : PROCEXP141.SYS ( PROCEXP141+1bb7 )
BUGCHECK_STR:  0xc4_f6
DEFAULT_BUCKET_ID:  VERIFIER_ENABLED_VISTA_MINIDUMP
PROCESS_NAME:  procexp64.exe
ииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииии
Built by: 7600.16539.amd64fre.win7_gdr.100226-1909
Debug session time: Tue Jun 29 19:25:38.357 2010 (UTC - 4:00)
System Uptime: 0 days 6:47:15.386
BugCheck 3B, {c0000005, fffff80002dbc94c, fffff88008b4a0e0, 0}
Probably caused by : ntkrnlmp.exe ( nt!ObReferenceObjectByHandleWithTag+10c )
BUGCHECK_STR:  0x3B
PROCESS_NAME:  connectaddin.e
ииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииии
Built by: 7600.16539.amd64fre.win7_gdr.100226-1909
Debug session time: Sat Jun 19 22:57:03.106 2010 (UTC - 4:00)
System Uptime: 0 days 3:10:03.151
BugCheck 3B, {c0000005, fffff80002bf20f3, fffff88007a2c9c0, 0}
Probably caused by : dxgmms1.sys ( dxgmms1!VIDMM_GLOBAL::CloseOneAllocation+275 )
BUGCHECK_STR:  0x3B
PROCESS_NAME:  dwm.exe
ииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииии
Built by: 7600.16539.amd64fre.win7_gdr.100226-1909
Debug session time: Sat Jun 19 19:45:04.431 2010 (UTC - 4:00)
System Uptime: 0 days 0:28:31.086
BugCheck 1E, {0, 0, 0, 0}
*** WARNING: Unable to verify timestamp for fvevol.sys
*** ERROR: Module load completed but symbols could not be loaded for fvevol.sys
Probably caused by : CLASSPNP.SYS ( CLASSPNP!ServiceTransferRequest+27d )
BUGCHECK_STR:  0x1E_0
PROCESS_NAME:  System
ииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииии
Built by: 7600.16539.amd64fre.win7_gdr.100226-1909
Debug session time: Thu Jun 10 23:19:47.069 2010 (UTC - 4:00)
System Uptime: 0 days 0:12:30.968
BugCheck 1E, {0, 0, 0, 0}
Probably caused by : ntkrnlmp.exe ( nt!KiKernelCalloutExceptionHandler+e )
BUGCHECK_STR:  0x1E_0
PROCESS_NAME:  System
ииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииии
Built by: 7600.16539.amd64fre.win7_gdr.100226-1909
Debug session time: Wed Jun  2 23:40:42.096 2010 (UTC - 4:00)
System Uptime: 0 days 1:12:42.579
BugCheck 7E, {ffffffffc0000005, fffff880058dec74, fffff880067c0128, fffff880067bf990}
*** WARNING: Unable to verify timestamp for ha20x2k.sys
*** ERROR: Module load completed but symbols could not be loaded for ha20x2k.sys
*** WARNING: Unable to verify timestamp for ctoss2k.sys
*** ERROR: Module load completed but symbols could not be loaded for ctoss2k.sys
*** WARNING: Unable to verify timestamp for emupia2k.sys
*** ERROR: Module load completed but symbols could not be loaded for emupia2k.sys
*** WARNING: Unable to verify timestamp for CTHWIUT.SYS
*** ERROR: Module load completed but symbols could not be loaded for CTHWIUT.SYS
Probably caused by : ha20x2k.sys ( ha20x2k+b9c74 )
PROCESS_NAME:  System
BUGCHECK_STR:  0x7E
ииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииии
Built by: 7600.16539.amd64fre.win7_gdr.100226-1909
Debug session time: Wed Jun  2 01:34:18.788 2010 (UTC - 4:00)
System Uptime: 0 days 1:09:05.661
BugCheck 3B, {c0000005, fffff88001082294, fffff88008644d80, 0}
Probably caused by : fltmgr.sys ( fltmgr!memcpy+204 )
BUGCHECK_STR:  0x3B
PROCESS_NAME:  TrustedInstall
ииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииии
Built by: 7600.16539.amd64fre.win7_gdr.100226-1909
Debug session time: Wed Jun  2 00:23:56.391 2010 (UTC - 4:00)
System Uptime: 0 days 0:34:20.890
BugCheck 19, {3, fffff8a0111fa4b0, fffff8a0111fa4b0, fbfff8a0111fa4b0}
Probably caused by : Pool_Corruption ( nt!ExFreePool+780 )
BUGCHECK_STR:  0x19_3
PROCESS_NAME:  Setup.exe
ииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииии
Built by: 7600.16539.amd64fre.win7_gdr.100226-1909
Debug session time: Mon May 31 14:05:16.576 2010 (UTC - 4:00)
System Uptime: 0 days 17:10:43.074
BugCheck 1000007E, {ffffffffc0000005, fffff88000e79c9c, fffff88003148428, fffff88003147c90}
*** WARNING: Unable to verify timestamp for rtl8187.sys
*** ERROR: Module load completed but symbols could not be loaded for rtl8187.sys
Probably caused by : rtl8187.sys ( rtl8187+17206 )
PROCESS_NAME:  System
BUGCHECK_STR:  0x7E
ииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииии
  
  
 
My System SpecsSystem Spec
07 Jul 2010   #3

Windows 7 Professional 64-bit
 
 

Thank you for the detailed response. Yes, I have been running Process Explorer a lot lately -- does it not play with Windows 7, or just cause problems with Driver Verifier?

I'll start with the hardware diagnostics and post back later. Thanks again.

--
Christopher
My System SpecsSystem Spec
.


08 Jul 2010   #4
Microsoft MVP

 
 

I use Process Explorer a lot and have never had a BSOD from it.
But, I don't leave it running a long time, so I may have just been lucky.

Most of my knowledge about Windows internals comes from the writer of Process Explorer.
As such, I'd expect it to behave properly within Windows.
When was the last time that you updated/downloaded a fresh copy of Process Explorer?

Also, it's possible that procexp141.sys is accessing another problem driver - so it's indirectly involved in the crash. The way to figure this out is to remove Process Explorer from your system (and ensure that procexp141.sys is gone from C:\Windows\System32\drivers) - then run Driver Verifier to see what it points at.

Finally, a hardware error can affect different things at different times (hence the different BSOD's that you're getting) - but it can also be "picky" and only fault on something that does a certain action in a certain way. When using tools developed for advanced users, the likelyhood of the tool accessing some seldom used part of a component is increased - so it's likely (IMO) that procexp141.sys is doing something unusual with the defective piece of hardware on your system, and that's why the errors appear as they do.

Good luck!
My System SpecsSystem Spec
Reply

 Win7 64bit, ntoskrnl.exe - DRIVER_VERIFIER_DETECTED_VIOLATION




Thread Tools



Similar help and support threads for2: Win7 64bit, ntoskrnl.exe - DRIVER_VERIFIER_DETECTED_VIOLATION
Thread Forum
ntoskrnl.exe windows 7 64bit BSOD Help and Support
BSOD Winxp 64bit, Win7 Pro 64bit many error codes BSOD Help and Support
BSOD - DRIVER_VERIFIER_DETECTED_VIOLATION - ntoskrnl.exe BSOD Help and Support
Solved BSOD ntoskrnl.exe 64bit BSOD Help and Support
RandomA TMFD.DLL Bluescreen (DRIVER_VERIFIER_DETECTED_VIOLATION) BSOD Help and Support
BSOD Windows 7 64bit PSHED.dll + ntoskrnl BSOD Help and Support
BSOD Win7 Pro 64bit - ntoskrnl.exe?? BSOD Help and Support

Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

й Designer Media Ltd

All times are GMT -5. The time now is 11:17 AM.
Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App
  

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33