#11
Hi jcrandall. Dean asked me to take a look at your problem. I noticed that when you run the JC Griff tool, the files generated are not complete. There is no msinfo file and no system information. I am not sure what is causing this. I have been back through all of your uploads and it is the same in each one.
I looked at your four latest dumps. They show three different error codes and all four indicate memory corruption. None of them are Driver Verifier-enabled dumps. Two of them blame Windows system drivers, which are highly unlikely to be the real causes; one blames your NTFS file system; and one blames atikmpag.sys, your video driver. Usually this pattern indicates a hardware or hardware-related conflict.
I know that you are running MSE and Windows Firewall. Are you running any third-party security programs such as a banking security program, a Wi-Fi hotspot security program, a gaming security program, etc.?
1. I suggest that you test your RAM with Memtest 86, carefully following the instructions in this tutorial: RAM - Test with Memtest86+. Let Memtest run for at least seven passes. Errors, if any, will show on your screen in red. If you see any errors, you can stop the test. Post back with your results.
2. If you get no errors with Memtest, please enable Driver Verifier, exactly following the instructions in this tutorial: Driver Verifier - Enable and Disable. Let Verifier run for 36 hours and use your computer normally while it is running. Verifier will trigger a BSOD if it finds a faulty driver. Upload any and all Verifier-enabled dumps. Hopefully, they will point out any faulty drivers.
3. Because one of the dumps blames NTFS.sys, your file system, I recommend that you run Check Disk: run CHKDSK /R /F from an elevated (Run as administrator) Command Prompt. Please do this for each hard drive on your system.
When it tells you it can't do it right now - and asks you if you'd like to do it at the next reboot - answer Y (for Yes) and press Enter. Then reboot and let the test run. It may take a while for it to run, but keep an occasional eye on it to see if it generates any errors. See "CHKDSK LogFile" below in order to check the results of the test.
Elevated Command Prompt:
Go to Start and type in "cmd.exe" (without the quotes)
At the top of the Search Box, right click on Cmd.exe and select "Run as administrator"
CHKDSK LogFile:
Go to Start and type in "eventvwr.msc" (without the quotes) and press Enter
Expand the Windows logs heading, then select the Application log file entry.
Double click on the Source column header.
Scroll down the list until you find the Chkdsk entry (wininit for Windows 7) (winlogon for XP).
Copy/paste the results into your next post
Follow these three suggestions and we will go from there depending on the results you get. You will have to troubleshoot by the process of elimination.
Code:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (2 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.17514.amd64fre.win7sp1_rtm.101119-1850
Machine Name:
Kernel base = 0xfffff800`02c1c000 PsLoadedModuleList = 0xfffff800`02e61e90
Debug session time: Mon Apr 18 00:55:43.548 2011 (GMT-4)
System Uptime: 0 days 10:36:43.871
Loading Kernel Symbols
...............................................................
................................................................
......................
Loading User Symbols
Loading unloaded module list
.....
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 3B, {c0000005, fffff88002d1537b, fffff8800557a8e0, 0}
Probably caused by : atikmpag.sys ( atikmpag+a37b )
Followup: MachineOwner
---------
0: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************
SYSTEM_SERVICE_EXCEPTION (3b)
An exception happened while executing a system service routine.
Arguments:
Arg1: 00000000c0000005, Exception code that caused the bugcheck
Arg2: fffff88002d1537b, Address of the exception record for the exception that caused the bugcheck
Arg3: fffff8800557a8e0, Address of the context record for the exception that caused the bugcheck
Arg4: 0000000000000000, zero.
Debugging Details:
------------------
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
FAULTING_IP:
atikmpag+a37b
fffff880`02d1537b 488b4008 mov rax,qword ptr [rax+8]
CONTEXT: fffff8800557a8e0 -- (.cxr 0xfffff8800557a8e0)
rax=dffffa8006cbafc0 rbx=fffff8800557b380 rcx=fffffa8007c84880
rdx=fffffffffdcda780 rsi=fffff8800557b430 rdi=fffffa8007c84cc0
rip=fffff88002d1537b rsp=fffff8800557b2c0 rbp=fffffa8007c84880
r8=0000000000000000 r9=0000000000000000 r10=fffffa8005b2e780
r11=fffffa8007c84880 r12=fffffa80050a6700 r13=000000000000002d
r14=fffff8800557b388 r15=fffffa8005890000
iopl=0 nv up ei ng nz na po nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010286
atikmpag+0xa37b:
fffff880`02d1537b 488b4008 mov rax,qword ptr [rax+8] ds:002b:dffffa80`06cbafc8=????????????????
Resetting default scope
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0x3B
PROCESS_NAME: dwm.exe
CURRENT_IRQL: 0
LAST_CONTROL_TRANSFER: from 0000000000000000 to fffff88002d1537b
STACK_TEXT:
fffff880`0557b2c0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : atikmpag+0xa37b
FOLLOWUP_IP:
atikmpag+a37b
fffff880`02d1537b 488b4008 mov rax,qword ptr [rax+8]
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: atikmpag+a37b
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: atikmpag
IMAGE_NAME: atikmpag.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 4d76ff66
STACK_COMMAND: .cxr 0xfffff8800557a8e0 ; kb
FAILURE_BUCKET_ID: X64_0x3B_atikmpag+a37b
BUCKET_ID: X64_0x3B_atikmpag+a37b
Followup: MachineOwner
---------

Debug session time: Mon Apr 18 20:00:05.060 2011 (GMT-4)
System Uptime: 0 days 0:05:31.418
Loading Kernel Symbols
...............................................................
................................................................
.......................
Loading User Symbols
Loading unloaded module list
....
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 24, {1904fb, fffff88002920998, fffff880029201f0, fffff880012e53e7}
Probably caused by : Ntfs.sys ( Ntfs!NtfsOpenAttribute+3a7 )
Followup: MachineOwner
---------
0: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************
NTFS_FILE_SYSTEM (24)
If you see NtfsExceptionFilter on the stack then the 2nd and 3rd
parameters are the exception record and context record. Do a .cxr
on the 3rd parameter and then kb to obtain a more informative stack
trace.
Arguments:
Arg1: 00000000001904fb
Arg2: fffff88002920998
Arg3: fffff880029201f0
Arg4: fffff880012e53e7
Debugging Details:
------------------
EXCEPTION_RECORD: fffff88002920998 -- (.exr 0xfffff88002920998)
ExceptionAddress: fffff880012e53e7 (Ntfs!NtfsOpenAttribute+0x00000000000003a7)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 0000000000000000
Parameter[1]: ffffffffffffffff
Attempt to read from address ffffffffffffffff
CONTEXT: fffff880029201f0 -- (.cxr 0xfffff880029201f0)
rax=dffff8a002754b58 rbx=fffffa8003a6d070 rcx=fffff8a002754c28
rdx=0000000000000000 rsi=fffffa8003a14e18 rdi=fffff8a002754b98
rip=fffff880012e53e7 rsp=fffff88002920bd0 rbp=0000000000000000
r8=fffffa8005d7ceb8 r9=0000000000000000 r10=fffff88001296380
r11=fffff8a009ce4b28 r12=fffff88002921510 r13=fffff8a002754800
r14=fffff88002921518 r15=fffff880029214a0
iopl=0 nv up ei ng nz na po nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010286
Ntfs!NtfsOpenAttribute+0x3a7:
fffff880`012e53e7 4c8918 mov qword ptr [rax],r11 ds:002b:dffff8a0`02754b58=????????????????
Resetting default scope
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
PROCESS_NAME: svchost.exe
CURRENT_IRQL: 1
ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
EXCEPTION_PARAMETER1: 0000000000000000
EXCEPTION_PARAMETER2: ffffffffffffffff
READ_ADDRESS: GetPointerFromAddress: unable to read from fffff80002ecb0e8
ffffffffffffffff
FOLLOWUP_IP:
Ntfs!NtfsOpenAttribute+3a7
fffff880`012e53e7 4c8918 mov qword ptr [rax],r11
FAULTING_IP:
Ntfs!NtfsOpenAttribute+3a7
fffff880`012e53e7 4c8918 mov qword ptr [rax],r11
BUGCHECK_STR: 0x24
LAST_CONTROL_TRANSFER: from fffff880012d3fe5 to fffff880012e53e7
STACK_TEXT:
fffff880`02920bd0 fffff880`012d3fe5 : fffffa80`05e5e530 fffffa80`03a14e18 fffffa80`05203180 fffff8a0`02754b98 : Ntfs!NtfsOpenAttribute+0x3a7
fffff880`02920ce0 fffff880`012cfe3b : fffff880`029214a0 fffffa80`05e5e530 fffff8a0`02754b98 fffff8a0`00000024 : Ntfs!NtfsOpenExistingAttr+0x145
fffff880`02920da0 fffff880`012d309f : fffffa80`05e5e530 fffffa80`03a14ac0 fffff8a0`02754b98 fffff880`00000024 : Ntfs!NtfsOpenAttributeInExistingFile+0x5ab
fffff880`02920f30 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : Ntfs!NtfsOpenExistingPrefixFcb+0x1ef
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: Ntfs!NtfsOpenAttribute+3a7
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: Ntfs
IMAGE_NAME: Ntfs.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 4ce792f9
STACK_COMMAND: .cxr 0xfffff880029201f0 ; kb
FAILURE_BUCKET_ID: X64_0x24_Ntfs!NtfsOpenAttribute+3a7
BUCKET_ID: X64_0x24_Ntfs!NtfsOpenAttribute+3a7
Followup: MachineOwner
---------

Debug session time: Mon Apr 18 20:05:57.910 2011 (GMT-4)
System Uptime: 0 days 0:01:05.268
Loading Kernel Symbols
...............................................................
................................................................
..................
Loading User Symbols
Loading unloaded module list
....
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 3B, {c0000005, fffff80002c9f9c6, fffff880061a1740, 0}
Probably caused by : ntkrnlmp.exe ( nt!ExpReleaseResourceForThreadLite+46 )
Followup: MachineOwner
---------
0: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************
SYSTEM_SERVICE_EXCEPTION (3b)
An exception happened while executing a system service routine.
Arguments:
Arg1: 00000000c0000005, Exception code that caused the bugcheck
Arg2: fffff80002c9f9c6, Address of the exception record for the exception that caused the bugcheck
Arg3: fffff880061a1740, Address of the context record for the exception that caused the bugcheck
Arg4: 0000000000000000, zero.
Debugging Details:
------------------
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
FAULTING_IP:
nt!ExpReleaseResourceForThreadLite+46
fffff800`02c9f9c6 f0480fba696000 lock bts qword ptr [rcx+60h],0
CONTEXT: fffff880061a1740 -- (.cxr 0xfffff880061a1740)
rax=0000000000000041 rbx=ff00fa8005944ab0 rcx=ff00fa8005944ab0
rdx=fffffa8005e04550 rsi=0000000000000000 rdi=fffff900c00c0010
rip=fffff80002c9f9c6 rsp=fffff880061a2120 rbp=fffffa8005e04550
r8=0000000000000000 r9=0000000000000000 r10=0000000000000000
r11=fffff900c1f3d630 r12=fffff80002e0fe80 r13=fffffa8005e04550
r14=0000000000000000 r15=000000000000cccc
iopl=0 nv up di pl zr na po nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010046
nt!ExpReleaseResourceForThreadLite+0x46:
fffff800`02c9f9c6 f0480fba696000 lock bts qword ptr [rcx+60h],0 ds:002b:ff00fa80`05944b10=????????????????
Resetting default scope
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0x3B
PROCESS_NAME: explorer.exe
CURRENT_IRQL: 0
LAST_CONTROL_TRANSFER: from 0000000000000000 to fffff80002c9f9c6
STACK_TEXT:
fffff880`061a2120 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!ExpReleaseResourceForThreadLite+0x46
FOLLOWUP_IP:
nt!ExpReleaseResourceForThreadLite+46
fffff800`02c9f9c6 f0480fba696000 lock bts qword ptr [rcx+60h],0
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: nt!ExpReleaseResourceForThreadLite+46
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 4ce7951a
STACK_COMMAND: .cxr 0xfffff880061a1740 ; kb
FAILURE_BUCKET_ID: X64_0x3B_nt!ExpReleaseResourceForThreadLite+46
BUCKET_ID: X64_0x3B_nt!ExpReleaseResourceForThreadLite+46
Followup: MachineOwner
---------

Debug session time: Thu Apr 21 22:28:28.305 2011 (GMT-4)
System Uptime: 0 days 1:38:02.679
Loading Kernel Symbols
...............................................................
................................................................
......................
Loading User Symbols
Loading unloaded module list
.....
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 1000007E, {ffffffffc0000005, fffff880040e8fa7, fffff880036c6f48, fffff880036c67a0}
Probably caused by : dxgkrnl.sys ( dxgkrnl!DXGDEVICE::Lock+287 )
Followup: MachineOwner
---------
1: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************
SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M (1000007e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003. This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG. This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG. This will let us see why this breakpoint is
happening.
Arguments:
Arg1: ffffffffc0000005, The exception code that was not handled
Arg2: fffff880040e8fa7, The address that the exception occurred at
Arg3: fffff880036c6f48, Exception Record Address
Arg4: fffff880036c67a0, Context Record Address
Debugging Details:
------------------
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
FAULTING_IP:
dxgkrnl!DXGDEVICE::Lock+287
fffff880`040e8fa7 488b5510 mov rdx,qword ptr [rbp+10h]
EXCEPTION_RECORD: fffff880036c6f48 -- (.exr 0xfffff880036c6f48)
ExceptionAddress: fffff880040e8fa7 (dxgkrnl!DXGDEVICE::Lock+0x0000000000000287)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: ffffffffffffffff
Parameter[1]: 0000000000000000
Attempt to execute non-executable address 0000000000000000
CONTEXT: fffff880036c67a0 -- (.cxr 0xfffff880036c67a0)
rax=0000000000000000 rbx=0000000000000000 rcx=fffffa80065bfb70
rdx=0000000000000001 rsi=fffff880036c72c0 rdi=0000000000000000
rip=fffff880040e8fa7 rsp=fffff880036c7180 rbp=ff00f8a000fda000
r8=0000000000000004 r9=0000000000000000 r10=0000000000000028
r11=fffff880036c7050 r12=fffff8a00eef06a0 r13=0000000000000002
r14=0000000000000000 r15=0000000000000bbe
iopl=0 nv up ei ng nz na po nc
cs=0010 ss=0000 ds=002b es=002b fs=0053 gs=002b efl=00010286
dxgkrnl!DXGDEVICE::Lock+0x287:
fffff880`040e8fa7 488b5510 mov rdx,qword ptr [rbp+10h] ss:ff00f8a0`00fda010=????????????????
Resetting default scope
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: NULL_DEREFERENCE
PROCESS_NAME: csrss.exe
CURRENT_IRQL: 0
ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
EXCEPTION_PARAMETER1: ffffffffffffffff
EXCEPTION_PARAMETER2: 0000000000000000
WRITE_ADDRESS: GetPointerFromAddress: unable to read from fffff80002eb20e8
0000000000000000
FOLLOWUP_IP:
dxgkrnl!DXGDEVICE::Lock+287
fffff880`040e8fa7 488b5510 mov rdx,qword ptr [rbp+10h]
BUGCHECK_STR: 0x7E
LAST_CONTROL_TRANSFER: from fffff880040ce81a to fffff880040e8fa7
STACK_TEXT:
fffff880`036c7180 fffff880`040ce81a : fffff8a0`00dd2b50 fffff8a0`00dd2b50 fffff8a0`00fda000 fffff900`c21da360 : dxgkrnl!DXGDEVICE::Lock+0x287
fffff880`036c71e0 fffff960`00764bda : fffff900`c00ba020 00000000`00000000 00000000`00000030 fffff900`c3029b80 : dxgkrnl!DxgkCddLock+0x236
fffff880`036c7270 fffff960`0076606c : ffffffff`fffd74bb 00000000`0104002f 00000000`00000001 00000000`00000000 : cdd!CddPresentBlt+0x262
fffff880`036c79b0 fffff800`02f1ecce : 00000000`11c79046 fffffa80`0668bb60 00000000`00000080 fffffa80`065ec060 : cdd!PresentWorkerThread+0xd00
fffff880`036c7d40 fffff800`02c72fe6 : fffff880`009e9180 fffffa80`0668bb60 fffffa80`065ec7e0 fffff880`01263a20 : nt!PspSystemThreadStartup+0x5a
fffff880`036c7d80 00000000`00000000 : fffff880`036c8000 fffff880`036c2000 fffff880`036c6a20 00000000`00000000 : nt!KxStartSystemThread+0x16
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: dxgkrnl!DXGDEVICE::Lock+287
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: dxgkrnl
IMAGE_NAME: dxgkrnl.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 4ce799fa
STACK_COMMAND: .cxr 0xfffff880036c67a0 ; kb
FAILURE_BUCKET_ID: X64_0x7E_VRF_dxgkrnl!DXGDEVICE::Lock+287
BUCKET_ID: X64_0x7E_VRF_dxgkrnl!DXGDEVICE::Lock+287
Followup: MachineOwner
---------
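The pattern the post reads out of these dumps (several bugcheck codes, a different module blamed each time) can be tallied mechanically from `!analyze -v` output. The Python below is an added example, not part of the original post or any tool it mentions: the sample lines are abridged from the dumps quoted above, and the `scattered_blame` threshold and the canonical-address check (which assumes 48-bit x64 virtual addresses) are this example's own heuristics.

```python
import re
from collections import Counter

# Abridged from the four analyses quoted in the post (values copied from the page).
SAMPLE = """\
BugCheck 3B, {c0000005, fffff88002d1537b, fffff8800557a8e0, 0}
Probably caused by : atikmpag.sys ( atikmpag+a37b )
fffff880`02d1537b 488b4008 mov rax,qword ptr [rax+8] ds:002b:dffffa80`06cbafc8=????????????????
BugCheck 24, {1904fb, fffff88002920998, fffff880029201f0, fffff880012e53e7}
Probably caused by : Ntfs.sys ( Ntfs!NtfsOpenAttribute+3a7 )
fffff880`012e53e7 4c8918 mov qword ptr [rax],r11 ds:002b:dffff8a0`02754b58=????????????????
BugCheck 3B, {c0000005, fffff80002c9f9c6, fffff880061a1740, 0}
Probably caused by : ntkrnlmp.exe ( nt!ExpReleaseResourceForThreadLite+46 )
fffff800`02c9f9c6 f0480fba696000 lock bts qword ptr [rcx+60h],0 ds:002b:ff00fa80`05944b10=????????????????
BugCheck 1000007E, {ffffffffc0000005, fffff880040e8fa7, fffff880036c6f48, fffff880036c67a0}
Probably caused by : dxgkrnl.sys ( dxgkrnl!DXGDEVICE::Lock+287 )
fffff880`040e8fa7 488b5510 mov rdx,qword ptr [rbp+10h] ss:ff00f8a0`00fda010=????????????????
"""

BUGCHECK = re.compile(r"^BugCheck ([0-9A-Fa-f]+), \{", re.M)
CULPRIT = re.compile(r"^Probably caused by : (\S+)", re.M)
# Unreadable operand on the faulting instruction, e.g. ds:002b:dffffa80`06cbafc8=????
FAULT_ADDR = re.compile(r"[a-z]s:(?:[0-9a-f]{4}:)?([0-9a-f]{8})`([0-9a-f]{8})=\?+")

def is_canonical(addr):
    """Assumes 48-bit x64 addressing: bits 63..47 must be all 0 or all 1."""
    return (addr >> 47) in (0, 0x1FFFF)

def base_code(code):
    """Fold the 0x1000007E-style variant onto 0x7E, as BUGCHECK_STR does on the page."""
    return code - 0x10000000 if code >> 28 == 1 else code

def triage(text):
    codes = {base_code(int(c, 16)) for c in BUGCHECK.findall(text)}
    modules = Counter(CULPRIT.findall(text))
    faults = [int(hi + lo, 16) for hi, lo in FAULT_ADDR.findall(text)]
    return {
        "dumps": sum(modules.values()),
        "codes": [f"0x{c:X}" for c in sorted(codes)],
        "modules": sorted(modules),
        # A non-canonical pointer cannot be a valid address the code computed.
        "noncanonical": [f"{a:016x}" for a in faults if not is_canonical(a)],
        # Assumed heuristic: three or more different culprits across the dumps.
        "scattered_blame": len(modules) >= 3,
    }

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```

On the sample it reports three distinct bugcheck codes, four different blamed modules, and a non-canonical faulting address in every dump.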