Random BSODs and applications crashes on a fresh Win7 install

Page 1 of 11 123 ... LastLast

  1. Posts : 59
    Windows 7 home Premium 64bit
       #1

    Random BSODs and applications crashes on a fresh Win7 install


    Hi all, I can't be more specific as far as the title is concerned, for the simple reason that I can't get my PC to boot,,, thus can't upload dump files and give error number as suggested. I'll try nevertheless describe the symptoms as acurately as possible and recover dump files by connecting the disk to another computer. So there we go: a few days ago I installed Win 7 Home Premium on a brand new platform. The config is the following:

    CPU: FX-4100 MB : Asus M5A78L/USB3
    Mem: OCZ 4096MB 1600MHz Reaper LV CL8 (2x2048)
    PSU: Zalman 500-ST 80 (PSU specs here ::: Zalman, leading the world of Quiet Computing Solutions :::)
    Gfx: Evga Gtx 550 Ti
    HDD:500GB Samsung HD502HJ
    Sound: On-board Realtek
    LAN: On-board Realtek

    All good so far, apart from the fact that soon after the fresh install I got the 1st BSOD. I updated the MB Bios as the latest one was supposed to improve stability. No change, random BSODs again. In the meantime I installed ATIH 2012, and having read numerous posts about its bugginess and faulty drivers, I thought I had found the culprit, as having run the "Who crashed" app it pointed me to some ATIH driver, namely tdrpman.sys. I uninstalled ATIH, ran their cleanup utility, but there were still residues on my computer.

    So I decided to reformat the freshly installed system, this time without ATIH. "Normal" format was not sufficient, I had to do a "full" format from command line to be able to start reinstalling windows. One weird thing though: after finishing the format, I pressed enter to confirm that I don't want to name the volume at that point, and immediately after that I got blue screen, computer rebooted, but I could proceed with Windows installation. I installed all the Windows Update patches, chipset, LAN, audio and video drivers, MSE and a couple of programmes.

    It was ok for some time (1 day maybe) until I got another BSOD. I started thinking this could be hardware related, so I checked memories with memtest - 5 hours test showed no errors. Checking HDD neither, HDD Scan reported no bad sectors. CPU and mems tested again with OCCT, without any issues or crashes. Temperatures were a little to high maybe, but during normal operation they never go above 40-45. Disks around 30max and GPU 50-60. App crashes happen without any visible pattern. Nvidia drivers (once only though), skype, firefox, IE, windows explorer, recently it crashed starcraft and as a result install files got corrupted, which couldn't be repaired by blizzard tool. Same happend to files already on the hard drive, when I tried to open some installs I had downloaded previously, they would report that they were corrupted - this is the case of Avira, which I had to download 5 or 6 times (thinking this could be MSE issue and wanting to try another AV).

    Finally, after reading some posts here, I started driver verifier, chose standard mode and set it to check all the drivers on the computer. It prompted me to reboot in order to save the changes, and, after the reboot, Windows wouldn't even get to the logon screen, but BSOD just before. It wouldn't even boot into safe mode, giving a message about RPC not being available, the screen would stay black with safe mode headers in the corners and that's it.

    So there it is, sorry not to be able to attach dumps at this point, but as you've just read above, at this point I'm not able to boot the PC. Hopefully you can already come up with some ideas, as I've totally ran out of them.

    Thanks for sharing your knowledge and sorry for posting in a wrong section, could I ask a mod please to move it to the appropriate section? Thanks!
    Last edited by R4ndom; 10 Jan 2012 at 03:19.
      My Computer


  2. Posts : 120
    Win7Ultimate x64 + x32, Win7Pro x64, XP x32, Win 2003, Ubuntu and OpenIndiana
       #2

    You mentioned in your third paragraph that you had a BSOD after you had booted from the Win install DVD and were formatting the hard drive. BSODs at this stage mean you have either a hardware problem or some unfortunate incompatibility between Windows and your hardware. It also sounds like you have an intermittent problem and those are a pain to diagnose.

    At this point, it smells like a bad hard drive given that you had a BSOD after formatting the drive and have had file corruption since then. It's hard--but not impossible--to get file corruption involving files already on the disk from other causes.

    Do you have a spare hard drive you can test with? If not, can you disconnect the HD and boot from a Linux Live CD (or bootable USB) and run the computer for a few days as a test? If Linux doesn't have a kernel panic (Linux equivalent of a BSOD) during a few days of testing, you can be somewhat confident that the rest of your hardware is OK.

    The second thing I'd suspect after the HDD is your power supply.

    It wouldn't hurt to check your PSU voltages and clock speed settings in the BIOS.
    Last edited by Solidwave; 10 Jan 2012 at 04:54.
      My Computer


  3. Posts : 19
    Windows 7 Ultimate x64
       #3

    Finally, after reading some posts here, I started driver verifier, chose standard mode and set it to check all the drivers on the computer.
    Which is probably your problem. You should choose all drivers NOT by Microsoft.

    Insert your Win7 disk and from the options select Repair. Then command prompt. In command prompt enter verifier /reset

    If that doen't help you'll probably have to go the same route again to see if you can delete two registry entries as detailed here: Using Driver Verifier to identify issues with Drivers
      My Computer


  4. Posts : 59
    Windows 7 home Premium 64bit
    Thread Starter
       #4

    Hi Solidwave and Julian, thanks for your advice. I'll reply to both of you concerning matters you raised:

    Indeed, I got a BSOD upon completion of the format. But if the HDD was to be the culprit, why HDD scan showed no errors/bad sectors? On the other hand, yesterday, while running chkdisk I also got a BSOD, or actually it didn't even start scanning, just rebooted before it... Unfortunately I have no other HDD to swap with this one, so I suppose Linux Live CD remains my only option.

    The PSU had been functioning without issues with my previous rig, much less power consuming, this is true, but the current one shouldn't be a problem either, as I calculated some 150W power security marge.

    I will have a look at PSU voltages and clocks in the BIOS ***Note: system IS NOT overclocked

    If I manage to get to windows by repairing it (already tried that yesterday, but without success, I'll repeat the procedure). Then I'll reset the driver verifier and choose drivers not by Microsoft.

    Hopefully I will also be able to upload BSOD dumps....

    Thanks to the mod for moving the thread.
      My Computer


  5. Posts : 59
    Windows 7 home Premium 64bit
    Thread Starter
       #5

    Update:
    I tried reverting windows to an earlier point in time - it failed, giving a BSOD.
    I then run the repair which came up with a message "could not automatically solve the problem"
    I ran now memory tests again - this time with windows tool and left it for a couple of hours to see what it gives.
    Later I'll try to reset as suggested the verifier tool, as well as check BIOS for voltages and clocks.
    And if I manage to boot to windows, I'll try to apply steps as described here
      My Computer


  6. Posts : 59
    Windows 7 home Premium 64bit
    Thread Starter
       #6

    Windows tool for memory testing showed no errors after 56 passes completed.

    Temperatures CPU 43C (have just one probe on my MB) MB temp 28C

    Vcore 1.44V
    3.3V voltage 3.304V
    5v voltage 5.07V
    12v voltage 11.951V

    I managed to boot in safe mode, reset the verifier tool and copied dumps onto a usb drive.

    And then, as if during the past few days Armageddon didn't happen, after reboot, I managed to get to normal mode.

    I ran the recommended utilites and attach results; they include only the latest dumps, from yesterday those from 4.01 as well as 6.01 aren't there due to subsequent hdisk reformat. I have them in raw form in case they were needed.

    Just one issue, reports are not in EN, obviously will help with translation if needed.

    Another strange thing: System health report reports that AV is not present, but Windows control centre shows its as active and the umbrella is open - realtime protection active. I don't get alerts in the tray.

    Thanks again for help.

    Edit: Exiting a programme a while ago with "your installation files are damaged"
    Last edited by R4ndom; 10 Jan 2012 at 16:53.
      My Computer


  7. Posts : 11,269
    Windows 7 Home Premium 64 Bit
       #7

    Glad to see you got the system to startup again by following the instructions to turn off Verifier. I will take a look at your minidumps. :)
      My Computer


  8. Posts : 11,269
    Windows 7 Home Premium 64 Bit
       #8

    Code:
    1. Loading Dump File [C:\Users\Mike\Downloads\BSODDmpFiles\R4ndom\Windows_NT6_BSOD_jcgriff2\010912-19952-01.dmp] Mini Kernel Dump File: Only registers and stack trace are available Symbol search path is: SRV*c:\users\mike\documents\symbols*http://msdl.microsoft.com/download/symbols Executable search path is: Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64 Product: WinNt, suite: TerminalServer SingleUserTS Personal Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506 Machine Name: Kernel base = 0xfffff800`02e04000 PsLoadedModuleList = 0xfffff800`03049670 Debug session time: Mon Jan 9 11:42:47.193 2012 (UTC - 7:00) System Uptime: 0 days 7:15:06.365 Loading Kernel Symbols ............................................................... ................................................................ ......................... Loading User Symbols Loading unloaded module list ................ ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* Use !analyze -v to get detailed debugging information. BugCheck C2, {7, 109b, 310033, fffff8a006f92620} GetPointerFromAddress: unable to read from fffff800030b3100 Probably caused by : ntkrnlmp.exe ( nt!HvFreeHive+24b ) Followup: MachineOwner --------- 3: kd> !analyze -v ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* BAD_POOL_CALLER (c2) The current thread is making a bad pool request. Typically this is at a bad IRQL level or double freeing the same allocation, etc. Arguments: Arg1: 0000000000000007, Attempt to free pool which was already freed Arg2: 000000000000109b, (reserved) Arg3: 0000000000310033, Memory contents of the pool block Arg4: fffff8a006f92620, Address of the block of pool being deallocated Debugging Details: ------------------ POOL_ADDRESS: fffff8a006f92620 FREED_POOL_TAG: NtFs BUGCHECK_STR: 0xc2_7_NtFs CUSTOMER_CRASH_COUNT: 1 DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT PROCESS_NAME: TrustedInstall CURRENT_IRQL: 0 LAST_CONTROL_TRANSFER: from fffff80002faebe9 to fffff80002e80c40 STACK_TEXT: fffff880`09f587b8 fffff800`02faebe9 : 00000000`000000c2 00000000`00000007 00000000`0000109b 00000000`00310033 : nt!KeBugCheckEx fffff880`09f587c0 fffff800`03104e7f : fffff8a0`02e050e0 00000000`01408000 fffff8a0`20374d43 00000000`00000633 : nt!ExDeferredFreePool+0x1201 fffff880`09f58870 fffff800`031044d0 : fffff8a0`00000000 fffff880`09f58901 fffff8a0`00000001 fffff880`029d5000 : nt!HvFreeHive+0x24b fffff880`09f588f0 fffff800`03104199 : fffff8a0`0247dfa0 fffff880`09f58b60 00000000`00000000 00000000`00000006 : nt!CmUnloadKey+0x190 fffff880`09f58930 fffff800`02e7fed3 : fffffa80`03c17b60 000007fe`ff113110 00000000`00000001 00000000`00000001 : nt!NtUnloadKey2+0x4e4 fffff880`09f58ae0 00000000`771b2b9a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 00000000`00f8f788 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x771b2b9a STACK_COMMAND: kb FOLLOWUP_IP: nt!HvFreeHive+24b fffff800`03104e7f 4533f6 xor r14d,r14d SYMBOL_STACK_INDEX: 2 SYMBOL_NAME: nt!HvFreeHive+24b FOLLOWUP_NAME: MachineOwner MODULE_NAME: nt IMAGE_NAME: ntkrnlmp.exe DEBUG_FLR_IMAGE_TIMESTAMP: 4e02aaa3 FAILURE_BUCKET_ID: X64_0xc2_7_NtFs_nt!HvFreeHive+24b BUCKET_ID: X64_0xc2_7_NtFs_nt!HvFreeHive+24b Followup: MachineOwner ---------
    2. Loading Dump File [C:\Users\Mike\Downloads\BSODDmpFiles\R4ndom\Windows_NT6_BSOD_jcgriff2\010912-17721-01.dmp] Mini Kernel Dump File: Only registers and stack trace are available Symbol search path is: SRV*c:\users\mike\documents\symbols*http://msdl.microsoft.com/download/symbols Executable search path is: Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64 Product: WinNt, suite: TerminalServer SingleUserTS Personal Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506 Machine Name: Kernel base = 0xfffff800`02e4a000 PsLoadedModuleList = 0xfffff800`0308f670 Debug session time: Mon Jan 9 11:59:08.958 2012 (UTC - 7:00) System Uptime: 0 days 0:11:05.535 Loading Kernel Symbols ............................................................... ................................................................ ........................... Loading User Symbols Loading unloaded module list .......... ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* Use !analyze -v to get detailed debugging information. BugCheck 24, {1904fb, fffff8800317e618, fffff8800317de70, fffff80002ed919a} Probably caused by : Ntfs.sys ( Ntfs!NtfsTeardownFromLcb+fb ) Followup: MachineOwner --------- 2: kd> !analyze -v ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* NTFS_FILE_SYSTEM (24) If you see NtfsExceptionFilter on the stack then the 2nd and 3rd parameters are the exception record and context record. Do a .cxr on the 3rd parameter and then kb to obtain a more informative stack trace. Arguments: Arg1: 00000000001904fb Arg2: fffff8800317e618 Arg3: fffff8800317de70 Arg4: fffff80002ed919a Debugging Details: ------------------ EXCEPTION_RECORD: fffff8800317e618 -- (.exr 0xfffff8800317e618) ExceptionAddress: fffff80002ed919a (nt!ExAcquireFastMutex+0x000000000000001a) ExceptionCode: c0000005 (Access violation) ExceptionFlags: 00000000 NumberParameters: 2 Parameter[0]: 0000000000000000 Parameter[1]: ffffffffffffffff Attempt to read from address ffffffffffffffff CONTEXT: fffff8800317de70 -- (.cxr 0xfffff8800317de70) rax=0000000000000001 rbx=6e664d460041031c rcx=6e664d460041031c rdx=fffffa8003ad5b60 rsi=fffff8800317ea01 rdi=0000000000000000 rip=fffff80002ed919a rsp=fffff8800317e850 rbp=fffff80003067260 r8=0000000000000000 r9=0000000000000000 r10=fffff80002e4a000 r11=fffff8800317e850 r12=fffff8a007f2a010 r13=fffff8a008256bc0 r14=fffff8a007f2a300 r15=0000000000000000 iopl=0 nv up ei ng nz na po nc cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010286 nt!ExAcquireFastMutex+0x1a: fffff800`02ed919a f00fba3100 lock btr dword ptr [rcx],0 ds:002b:6e664d46`0041031c=???????? Resetting default scope CUSTOMER_CRASH_COUNT: 1 DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT PROCESS_NAME: System CURRENT_IRQL: 1 ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s. EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s. EXCEPTION_PARAMETER1: 0000000000000000 EXCEPTION_PARAMETER2: ffffffffffffffff READ_ADDRESS: GetPointerFromAddress: unable to read from fffff800030f9100 ffffffffffffffff FOLLOWUP_IP: Ntfs!NtfsTeardownFromLcb+fb fffff880`0102c88b 83bfc000000000 cmp dword ptr [rdi+0C0h],0 FAULTING_IP: nt!ExAcquireFastMutex+1a fffff800`02ed919a f00fba3100 lock btr dword ptr [rcx],0 BUGCHECK_STR: 0x24 LAST_CONTROL_TRANSFER: from fffff8800102c88b to fffff80002ed919a STACK_TEXT: fffff880`0317e850 fffff880`0102c88b : fffff8a0`07f2a010 fffff800`03067260 fffff880`0317ea01 fffff880`010b4cc1 : nt!ExAcquireFastMutex+0x1a fffff880`0317e880 fffff880`010b263c : fffffa80`03bfb770 fffffa80`0498a180 fffff8a0`07f2a010 fffff8a0`07f2a3a8 : Ntfs!NtfsTeardownFromLcb+0xfb fffff880`0317e910 fffff880`010340e2 : fffffa80`03bfb770 fffffa80`03bfb770 fffff8a0`07f2a010 00000000`00000000 : Ntfs!NtfsTeardownStructures+0xcc fffff880`0317e990 fffff880`010c2193 : fffffa80`03bfb770 fffff800`03067260 fffff8a0`07f2a010 00000000`00000009 : Ntfs!NtfsDecrementCloseCounts+0xa2 fffff880`0317e9d0 fffff880`010b1357 : fffffa80`03bfb770 fffff8a0`07f2a140 fffff8a0`07f2a010 fffffa80`0498a180 : Ntfs!NtfsCommonClose+0x353 fffff880`0317eaa0 fffff800`02ed1001 : 00000000`00000000 fffff800`031bd900 fffffa80`03ad5b01 fffffa80`00000002 : Ntfs!NtfsFspClose+0x15f fffff880`0317eb70 fffff800`03161fee : 00000000`00000000 fffffa80`03ad5b60 00000000`00000080 fffffa80`039a4040 : nt!ExpWorkerThread+0x111 fffff880`0317ec00 fffff800`02eb85e6 : fffff880`02f64180 fffffa80`03ad5b60 fffff880`02f6efc0 00010000`01000001 : nt!PspSystemThreadStartup+0x5a fffff880`0317ec40 00000000`00000000 : fffff880`0317f000 fffff880`03179000 fffff880`0317e8a0 00000000`00000000 : nt!KxStartSystemThread+0x16 SYMBOL_STACK_INDEX: 1 SYMBOL_NAME: Ntfs!NtfsTeardownFromLcb+fb FOLLOWUP_NAME: MachineOwner MODULE_NAME: Ntfs IMAGE_NAME: Ntfs.sys DEBUG_FLR_IMAGE_TIMESTAMP: 4d79997b STACK_COMMAND: .cxr 0xfffff8800317de70 ; kb FAILURE_BUCKET_ID: X64_0x24_Ntfs!NtfsTeardownFromLcb+fb BUCKET_ID: X64_0x24_Ntfs!NtfsTeardownFromLcb+fb Followup: MachineOwner ---------
    3. Loading Dump File [C:\Users\Mike\Downloads\BSODDmpFiles\R4ndom\Windows_NT6_BSOD_jcgriff2\010912-16317-01.dmp] Mini Kernel Dump File: Only registers and stack trace are available Symbol search path is: SRV*c:\users\mike\documents\symbols*http://msdl.microsoft.com/download/symbols Executable search path is: Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64 Product: WinNt, suite: TerminalServer SingleUserTS Personal Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506 Machine Name: Kernel base = 0xfffff800`02e4b000 PsLoadedModuleList = 0xfffff800`03090670 Debug session time: Mon Jan 9 12:30:10.220 2012 (UTC - 7:00) System Uptime: 0 days 0:30:24.780 Loading Kernel Symbols ............................................................... ................................................................ ........................ Loading User Symbols Loading unloaded module list ...... ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* Use !analyze -v to get detailed debugging information. BugCheck 4E, {99, 233cb, 2, 670a3} Probably caused by : memory_corruption ( nt!MiBadShareCount+4c ) Followup: MachineOwner --------- 0: kd> !analyze -v ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* PFN_LIST_CORRUPT (4e) Typically caused by drivers passing bad memory descriptor lists (ie: calling MmUnlockPages twice with the same list, etc). If a kernel debugger is available get the stack trace. Arguments: Arg1: 0000000000000099, A PTE or PFN is corrupt Arg2: 00000000000233cb, page frame number Arg3: 0000000000000002, current page state Arg4: 00000000000670a3, 0 Debugging Details: ------------------ BUGCHECK_STR: 0x4E_99 CUSTOMER_CRASH_COUNT: 1 DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT PROCESS_NAME: SC2.exe CURRENT_IRQL: 2 LAST_CONTROL_TRANSFER: from fffff80002f50d7c to fffff80002ec7c40 STACK_TEXT: fffff880`07b61c38 fffff800`02f50d7c : 00000000`0000004e 00000000`00000099 00000000`000233cb 00000000`00000002 : nt!KeBugCheckEx fffff880`07b61c40 fffff800`02e6f3d7 : 00000000`00000000 fffff680`00180038 00000000`00000000 fffff700`012e7ff8 : nt!MiBadShareCount+0x4c fffff880`07b61c80 fffff800`02ef9bb7 : 00000000`00000000 fffff680`00180df8 fffffa80`0446c5e0 00000000`00000000 : nt! ?? ::FNODOBFM::`string'+0x3309d fffff880`07b61e30 fffff800`02eb50ff : fffffa80`00000000 00000000`301bffff 00000000`00000000 00000000`00000000 : nt!MiDeleteVirtualAddresses+0x41f fffff880`07b61ff0 fffff800`02ec6ed3 : ffffffff`ffffffff fffff8a0`0a3e4268 fffff8a0`0a3e4290 fffffa80`00008000 : nt!NtFreeVirtualMemory+0x61f fffff880`07b620f0 fffff800`02ec3470 : fffff880`11da94b2 fffff8a0`07599930 fffffa80`0446c5e0 fffffa80`04083db0 : nt!KiSystemServiceCopyEnd+0x13 fffff880`07b62288 fffff880`11da94b2 : fffff8a0`07599930 fffffa80`0446c5e0 fffffa80`04083db0 fffff8a0`0a3e4260 : nt!KiServiceLinkage fffff880`07b62290 fffff880`11d94b5a : fffff880`07b622b8 fffff8a0`08ca3ac0 00000000`00000001 00000000`00000000 : dxgmms1!VIDMM_PROCESS_HEAP::Free+0xa2 fffff880`07b622c0 fffff880`11d8f523 : fffffa80`063c5010 00000000`00000000 fffff8a0`07599930 00000000`00000000 : dxgmms1!VIDMM_GLOBAL::CloseLocalAllocation+0x112 fffff880`07b62370 fffff880`11d75ecc : fffff8a0`00000000 fffffa80`00000000 00000000`00000000 00000000`00000000 : dxgmms1!VIDMM_GLOBAL::CloseOneAllocation+0x19b fffff880`07b62440 fffff880`11037ccc : 00000000`00000000 fffff8a0`015fc000 fffff8a0`015fc000 00000000`00000001 : dxgmms1!VidMmCloseAllocation+0x44 fffff880`07b62470 fffff880`1104a784 : 00000000`00000001 00000000`00000000 00000000`00000000 fffff8a0`00000799 : dxgkrnl!DXGDEVICE::DestroyAllocations+0x248 fffff880`07b62560 fffff880`1102f815 : 00000000`fffffeda fffff8a0`079d10e0 fffff8a0`015fc000 fffffa80`05c5c000 : dxgkrnl!DXGDEVICE::~DXGDEVICE+0x19c fffff880`07b625d0 fffff880`1106de4a : 00000000`00000010 fffffa80`05c5c000 fffff8a0`079d10e0 fffff8a0`079d1160 : dxgkrnl!DXGADAPTER::DestroyDevice+0x1c9 fffff880`07b62600 fffff880`1106d7e0 : fffff900`c077cce0 00000000`00000000 00000000`00000001 fffff900`c077cce0 : dxgkrnl!DXGPROCESS::Destroy+0xba fffff880`07b626b0 fffff960`00165ec4 : 00000000`000001b0 fffff900`c077cce0 00000000`00000000 fffff900`c077cce0 : dxgkrnl!DxgkProcessCallout+0x268 fffff880`07b62740 fffff960`001655af : 00000000`00000000 fffff880`07b62ae0 fffffa80`0442bb60 00000000`00000000 : win32k!GdiProcessCallout+0x244 fffff880`07b627c0 fffff800`0319da81 : 00000000`00000000 00000000`00000000 00000000`00000000 fffffa80`0442bb00 : win32k!W32pProcessCallout+0x6b fffff880`07b627f0 fffff800`0318109d : 00000000`20010000 00000000`20010001 fffffa80`78457300 fffffa80`05eecb60 : nt!PspExitThread+0x4d1 fffff880`07b628f0 fffff800`02ebb3fa : 00000000`00000100 fffffa80`0442bc20 00000000`00000001 fffff800`02ecd13d : nt!PsExitSpecialApc+0x1d fffff880`07b62920 fffff800`02ebb740 : 00000000`00000246 fffff880`07b629a0 fffff800`03181010 00000000`00000001 : nt!KiDeliverApc+0x2ca fffff880`07b629a0 fffff800`02ec6f77 : fffffa80`0442bb60 00000000`0000041c 00000000`00000000 fffffa80`04626ee0 : nt!KiInitiateUserApc+0x70 fffff880`07b62ae0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceExit+0x9c STACK_COMMAND: kb FOLLOWUP_IP: nt!MiBadShareCount+4c fffff800`02f50d7c cc int 3 SYMBOL_STACK_INDEX: 1 SYMBOL_NAME: nt!MiBadShareCount+4c FOLLOWUP_NAME: MachineOwner MODULE_NAME: nt DEBUG_FLR_IMAGE_TIMESTAMP: 4e02aaa3 IMAGE_NAME: memory_corruption FAILURE_BUCKET_ID: X64_0x4E_99_nt!MiBadShareCount+4c BUCKET_ID: X64_0x4E_99_nt!MiBadShareCount+4c Followup: MachineOwner ---------
    4. Loading Dump File [C:\Users\Mike\Downloads\BSODDmpFiles\R4ndom\Windows_NT6_BSOD_jcgriff2\010912-23493-01.dmp] Mini Kernel Dump File: Only registers and stack trace are available Symbol search path is: SRV*c:\users\mike\documents\symbols*http://msdl.microsoft.com/download/symbols Executable search path is: Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64 Product: WinNt, suite: TerminalServer SingleUserTS Personal Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506 Machine Name: Kernel base = 0xfffff800`02e5b000 PsLoadedModuleList = 0xfffff800`030a0670 Debug session time: Mon Jan 9 12:37:21.523 2012 (UTC - 7:00) System Uptime: 0 days 0:06:37.100 Loading Kernel Symbols ............................................................... ................................................................ ....................... Loading User Symbols Loading unloaded module list ...... ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* Use !analyze -v to get detailed debugging information. BugCheck 1A, {31, fffffa8003ba3500, fffff88005550000, fffff8a0070d0afd} Probably caused by : ntkrnlmp.exe ( nt! ?? ::NNGAKEGL::`string'+7271 ) Followup: MachineOwner --------- 1: kd> !analyze -v ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* MEMORY_MANAGEMENT (1a) # Any other values for parameter 1 must be individually examined. Arguments: Arg1: 0000000000000031, The subtype of the bugcheck. Arg2: fffffa8003ba3500 Arg3: fffff88005550000 Arg4: fffff8a0070d0afd Debugging Details: ------------------ BUGCHECK_STR: 0x1a_31 CUSTOMER_CRASH_COUNT: 1 DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT PROCESS_NAME: svchost.exe CURRENT_IRQL: 0 LAST_CONTROL_TRANSFER: from fffff80003134b25 to fffff80002ed7c40 STACK_TEXT: fffff880`093f1398 fffff800`03134b25 : 00000000`0000001a 00000000`00000031 fffffa80`03ba3500 fffff880`05550000 : nt!KeBugCheckEx fffff880`093f13a0 fffff800`031afc37 : 00000000`00000000 fffffa80`03d3e660 00000000`0000002d fffff8a0`070d0580 : nt! ?? ::NNGAKEGL::`string'+0x7271 fffff880`093f1400 fffff800`02f076eb : ffffffff`ffffffff fffff880`093f1570 00000000`00001800 00000000`00000000 : nt!MiRelocateImagePfn+0xf7 fffff880`093f1460 fffff800`02e72b64 : fffffa80`04be9ad0 00000000`00000000 00000000`00000000 00000000`00000000 : nt!MiWaitForInPageComplete+0x7ef fffff880`093f1540 fffff800`03131e7a : 00000000`00000000 fffffa80`061d2900 00000000`00000001 fffffa80`061d2900 : nt!MiPfCompletePrefetchIos+0x54 fffff880`093f1570 fffff800`0333504d : 00000000`00000005 00000000`00000005 fffffa80`061d2900 fffff880`093f1638 : nt!MmPrefetchPages+0x13a fffff880`093f15d0 fffff800`0333d06e : fffff8a0`00000000 fffff8a0`00000000 fffff8a0`000001af 00000000`00000000 : nt!PfpPrefetchFilesTrickle+0x21d fffff880`093f16d0 fffff800`0333dc07 : 00000000`00000000 fffff880`093f1b60 fffff880`093f18c8 fffff8a0`01a956c0 : nt!PfpPrefetchRequestPerform+0x30e fffff880`093f1820 fffff800`0334a1de : fffff880`093f18c8 00000000`00000001 fffffa80`064f2240 00000000`00000000 : nt!PfpPrefetchRequest+0x176 fffff880`093f1890 fffff800`0334ea0a : 00000000`00000000 00000000`0000004f 00000000`00000000 fffffa80`063b7b01 : nt!PfSetSuperfetchInformation+0x1ad fffff880`093f1970 fffff800`02ed6ed3 : fffffa80`03d3e660 00000000`00000000 00000000`00000001 00000000`00000001 : nt!NtSetSystemInformation+0xc8d fffff880`093f1ae0 00000000`77c72a0a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 00000000`00cef668 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x77c72a0a STACK_COMMAND: kb FOLLOWUP_IP: nt! ?? ::NNGAKEGL::`string'+7271 fffff800`03134b25 cc int 3 SYMBOL_STACK_INDEX: 1 SYMBOL_NAME: nt! ?? ::NNGAKEGL::`string'+7271 FOLLOWUP_NAME: MachineOwner MODULE_NAME: nt IMAGE_NAME: ntkrnlmp.exe DEBUG_FLR_IMAGE_TIMESTAMP: 4e02aaa3 FAILURE_BUCKET_ID: X64_0x1a_31_nt!_??_::NNGAKEGL::_string_+7271 BUCKET_ID: X64_0x1a_31_nt!_??_::NNGAKEGL::_string_+7271 Followup: MachineOwner ---------
    5. Loading Dump File [C:\Users\Mike\Downloads\BSODDmpFiles\R4ndom\Windows_NT6_BSOD_jcgriff2\010912-18252-01.dmp] Mini Kernel Dump File: Only registers and stack trace are available Symbol search path is: SRV*c:\users\mike\documents\symbols*http://msdl.microsoft.com/download/symbols Executable search path is: Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64 Product: WinNt, suite: TerminalServer SingleUserTS Personal Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506 Machine Name: Kernel base = 0xfffff800`02e52000 PsLoadedModuleList = 0xfffff800`03097670 Debug session time: Mon Jan 9 14:54:22.826 2012 (UTC - 7:00) System Uptime: 0 days 0:24:34.387 Loading Kernel Symbols ............................................................... ................................................................ ...................... Loading User Symbols Loading unloaded module list ..... ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* Use !analyze -v to get detailed debugging information. BugCheck 24, {1904fb, fffff8800b4b7b18, fffff8800b4b7370, fffff8800104f8ad} Probably caused by : Ntfs.sys ( Ntfs!NtfsAcquireFcbWithPaging+12d ) Followup: MachineOwner --------- 3: kd> !analyze -v ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* NTFS_FILE_SYSTEM (24) If you see NtfsExceptionFilter on the stack then the 2nd and 3rd parameters are the exception record and context record. Do a .cxr on the 3rd parameter and then kb to obtain a more informative stack trace. Arguments: Arg1: 00000000001904fb Arg2: fffff8800b4b7b18 Arg3: fffff8800b4b7370 Arg4: fffff8800104f8ad Debugging Details: ------------------ EXCEPTION_RECORD: fffff8800b4b7b18 -- (.exr 0xfffff8800b4b7b18) ExceptionAddress: fffff8800104f8ad (Ntfs!NtfsAcquireFcbWithPaging+0x000000000000012d) ExceptionCode: c0000005 (Access violation) ExceptionFlags: 00000000 NumberParameters: 2 Parameter[0]: 0000000000000000 Parameter[1]: ffffffffffffffff Attempt to read from address ffffffffffffffff CONTEXT: fffff8800b4b7370 -- (.cxr 0xfffff8800b4b7370) rax=0000000000000000 rbx=0000000000000003 rcx=01ca044465b3f749 rdx=0000000000000000 rsi=0000000000000002 rdi=fffffa8003fe32b0 rip=fffff8800104f8ad rsp=fffff8800b4b7d50 rbp=0000000000000002 r8=0000000000000702 r9=0000000000000002 r10=fffffa8003fe32b0 r11=fffff8a002d00172 r12=fffff8a00c75e5c0 r13=00000000c00000d8 r14=0000000000000000 r15=0000000000000000 iopl=0 nv up ei ng nz na po cy cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010287 Ntfs!NtfsAcquireFcbWithPaging+0x12d: fffff880`0104f8ad 488b4958 mov rcx,qword ptr [rcx+58h] ds:002b:01ca0444`65b3f7a1=???????????????? Resetting default scope CUSTOMER_CRASH_COUNT: 1 DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT PROCESS_NAME: rstrui.exe CURRENT_IRQL: 0 ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s. EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s. EXCEPTION_PARAMETER1: 0000000000000000 EXCEPTION_PARAMETER2: ffffffffffffffff READ_ADDRESS: GetPointerFromAddress: unable to read from fffff80003101100 ffffffffffffffff FOLLOWUP_IP: Ntfs!NtfsAcquireFcbWithPaging+12d fffff880`0104f8ad 488b4958 mov rcx,qword ptr [rcx+58h] FAULTING_IP: Ntfs!NtfsAcquireFcbWithPaging+12d fffff880`0104f8ad 488b4958 mov rcx,qword ptr [rcx+58h] BUGCHECK_STR: 0x24 LAST_CONTROL_TRANSFER: from fffff880010ea777 to fffff8800104f8ad STACK_TEXT: fffff880`0b4b7d50 fffff880`010ea777 : 00000000`00000000 fffff8a0`0c75ea00 fffff8a0`02d0022c 00000000`00000000 : Ntfs!NtfsAcquireFcbWithPaging+0x12d fffff880`0b4b7db0 fffff880`010e8fd2 : fffffa80`03fe32b0 fffffa80`0495b350 fffff8a0`00157bc0 00000000`00000701 : Ntfs!NtfsFindPrefixHashEntry+0x44e fffff880`0b4b7ee0 fffff880`010e6911 : fffffa80`03fe32b0 fffffa80`04285c10 fffff880`0b4b80b0 fffff880`0b4b8100 : Ntfs!NtfsFindStartingNode+0x452 fffff880`0b4b7fb0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : Ntfs!NtfsCommonCreate+0x3e1 SYMBOL_STACK_INDEX: 0 SYMBOL_NAME: Ntfs!NtfsAcquireFcbWithPaging+12d FOLLOWUP_NAME: MachineOwner MODULE_NAME: Ntfs IMAGE_NAME: Ntfs.sys DEBUG_FLR_IMAGE_TIMESTAMP: 4d79997b STACK_COMMAND: .cxr 0xfffff8800b4b7370 ; kb FAILURE_BUCKET_ID: X64_0x24_Ntfs!NtfsAcquireFcbWithPaging+12d BUCKET_ID: X64_0x24_Ntfs!NtfsAcquireFcbWithPaging+12d Followup: MachineOwner ---------
    Start by running a Disk Check with both boxes checked.

    Tonight, an hour before bed, run the boot version of Memtest86+ paying close attention to Parts 2 and 3 of the tutorial. This is in case Windows memory diagnostics missed anything. Check it just before you go to sleep to make sure there are no errors and it is still running. Then let it run overnight. Post back your results.
      My Computer


  9. Posts : 59
    Windows 7 home Premium 64bit
    Thread Starter
       #9

    Thanks writhziden for having a look at the dumps. So you see nothing driver-related there, a hardware issue being more probable?

    I will re-run the memtest86+ tests as suggested as well as chkdisk following your links.

    As for chkdisk, shall I check all the three partitions that I have, or just the system one?

    Thanks, will post results tomorrow, as I didn't read your message last night :)
      My Computer


  10. Posts : 11,269
    Windows 7 Home Premium 64 Bit
       #10

    R4ndom said:
    Thanks writhziden for having a look at the dumps. So you see nothing driver-related there, a hardware issue being more probable?

    I will re-run the memtest86+ tests as suggested as well as chkdisk following your links.

    As for chkdisk, shall I check all the three partitions that I have, or just the system one?

    Thanks, will post results tomorrow, as I didn't read your message last night :)
    No regular drivers showed up; all faults were blamed on system drivers, and the ones you received were hard disk related which usually means a hard disk with file corruption or bad sectors. There are other possible causes, but we should rule that one out first.

    Run disk check on all drives that have the Windows folder, a Program Files folder, or a Users folder on them. Any drives containing the Windows layout, basically.
      My Computer


 
Page 1 of 11 123 ... LastLast

  Related Discussions
Our Sites
Site Links
About Us
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 03:08.
Find Us