BSOD randomly, mostly ntoskrnl.exe


  1. Posts : 6
    Windows 7 x64 home premium
       #1

    BSOD randomly, mostly ntoskrnl.exe


    My system started to do BSOD every now and then. It can happen playing games or just comp. being idle. Did restore to previous update point, reinstalled all device drivers. CPU has been tested with prime95 12hrs and memory memtest86 20hrs. No luck so far. Hope you could find something out from dumps etc.

    Windows is x64 home premium. Comp specs in char info


  2. Posts : 28,845
    Win 8 Release candidate 8400
       #2

    antarans said:
    My system started to do BSOD every now and then. It can happen playing games or just comp. being idle. Did restore to previous update point, reinstalled all device drivers. CPU has been tested with prime95 12hrs and memory memtest86 20hrs. No luck so far. Hope you could find something out from dumps etc.

    Windows is x64 home premium. Comp specs in char info

    This file has no information about it and I suspect malware. (spcx.sys)


    Just in case please run malwarebytes.

    Please download the free version of Malwarebytes.
    Update it immediately.
    Do a full system scan
    Let us know the results at the end.

    Malwarebytes : Download free malware, virus and spyware tools to get your computer back in shape!


  3. Posts : 6
    Windows 7 x64 home premium
    Thread Starter
       #3

    Did run malwarebytes, nothing. I also tested a different graphics card but it helped none, so I ended up reinstalling Windows and no BSOD so far (all same drivers as before). But this morning I saw my CPU load was a constant 25% (means 1 core max utilization); Process Explorer gives this: System, TID 8, ntoskrnl.exe!WheaAttemptPhysicalPageOffline+0x350. Any idea what this is? It also seems to take less CPU if I stress my CPU with prime for example.


  4. Posts : 6
    Windows 7 x64 home premium
    Thread Starter
       #4

    Reinstalled Windows, all worked nicely for over a week but then BSOD again (didn't really change anything). I did install windbg and found out that svchost.exe/Fileinfo.sys had something to do with it. Gonna see if and how often this will happen again and then post more minidumps.


  5. Posts : 11,269
    Windows 7 Home Premium 64 Bit
       #5

    Alright, let us know if you need any further assistance or analysis. Best of luck.


  6. Posts : 6
    Windows 7 x64 home premium
    Thread Starter
       #6

    Minidump etc. attached. Still random BSODs, this has become helpless. Don't know what to do next. Trying with a different CPU now, next I might just buy a new rig component by component until it stops BSODing. If you can see anything from those minidumps please let me know.


  7. Posts : 11,269
    Windows 7 Home Premium 64 Bit
       #7

    Antivirus Software
    Code:
    mbamgui.exe	c:\program files (x86)\malwarebytes' anti-malware\mbamgui.exe	156	8	200	1380	6.3.2012 18:37	Not Available	Not Available	Not Available
    mbamservice.exe	c:\program files (x86)\malwarebytes' anti-malware\mbamservice.exe	1240	8	80	80	6.3.2012 18:38	Not Available	Not Available	Not Available
    msmpeng.exe	c:\program files\microsoft security client\antimalware\msmpeng.exe	868	8	200	1380	6.3.2012 18:36	3.0.8402.0	12,48 KB (12*784 bytes)	27.4.2011 18:21
    nissrv.exe	c:\program files\microsoft security client\antimalware\nissrv.exe	1904	8	200	1380	6.3.2012 18:36	3.0.8402.0	281,52 KB (288*272 bytes)	27.4.2011 18:21
    msseces.exe	c:\program files\microsoft security client\msseces.exe	2788	8	200	1380	6.3.2012 18:36	2.1.1116.0	1,37 MB (1*436*736 bytes)	15.6.2011 15:35

    Do you have the full/trial version of Malwarebytes as well as Microsoft Security Essentials installed together?


    Possible out of date drivers:
    Code:
    LHidFilt	fffff880`04822000	fffff880`04835000	Wed Jun 17 10:49:39 2009 (4a391ea3)	00014ede		LHidFilt.Sys
    LMouFilt	fffff880`04bcb000	fffff880`04bdf000	Wed Jun 17 10:49:43 2009 (4a391ea7)	0001d7ff		LMouFilt.Sys
    LUsbFilt	fffff880`049d1000	fffff880`049e1000	Wed Jun 17 10:49:46 2009 (4a391eaa)	0001245f		LUsbFilt.Sys
    LHidFilt.Sys
    LMouFilt.Sys
    LUsbFilt.Sys


    Code:
    1. Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64 Copyright (c) Microsoft Corporation. All rights reserved. Loading Dump File [D:\Kingston\BSODDmpFiles\antarans\Windows_NT6_BSOD_jcgriff2\030612-17721-01.dmp] Mini Kernel Dump File: Only registers and stack trace are available Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols Executable search path is: Windows 7 Kernel Version 7601 (Service Pack 1) MP (3 procs) Free x64 Product: WinNt, suite: TerminalServer SingleUserTS Personal Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506 Machine Name: Kernel base = 0xfffff800`02e05000 PsLoadedModuleList = 0xfffff800`0304a670 Debug session time: Tue Mar 6 09:32:23.511 2012 (UTC - 7:00) System Uptime: 0 days 0:04:05.728 Loading Kernel Symbols ............................................................... ................................................................ .......................... Loading User Symbols Loading unloaded module list .... ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* Use !analyze -v to get detailed debugging information. BugCheck 1000007E, {ffffffffc0000005, fffff80002e49cfc, fffff880009a99d8, fffff880009a9230} Probably caused by : memory_corruption ( nt!MmZeroPageThread+883 ) Followup: MachineOwner --------- 2: kd> !analyze -v ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M (1000007e) This is a very common bugcheck. Usually the exception address pinpoints the driver/function that caused the problem. Always note this address as well as the link date of the driver/image that contains this address. Some common problems are exception code 0x80000003. 
This means a hard coded breakpoint or assertion was hit, but this system was booted /NODEBUG. This is not supposed to happen as developers should never have hardcoded breakpoints in retail code, but ... If this happens, make sure a debugger gets connected, and the system is booted /DEBUG. This will let us see why this breakpoint is happening. Arguments: Arg1: ffffffffc0000005, The exception code that was not handled Arg2: fffff80002e49cfc, The address that the exception occurred at Arg3: fffff880009a99d8, Exception Record Address Arg4: fffff880009a9230, Context Record Address Debugging Details: ------------------ EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s. FAULTING_IP: nt!MmZeroPageThread+883 fffff800`02e49cfc 4d8b3f mov r15,qword ptr [r15] EXCEPTION_RECORD: fffff880009a99d8 -- (.exr 0xfffff880009a99d8) ExceptionAddress: fffff80002e49cfc (nt!MmZeroPageThread+0x0000000000000883) ExceptionCode: c0000005 (Access violation) ExceptionFlags: 00000000 NumberParameters: 2 Parameter[0]: 0000000000000000 Parameter[1]: 00000000002002e8 Attempt to read from address 00000000002002e8 CONTEXT: fffff880009a9230 -- (.cxr 0xfffff880009a9230) rax=0000000000000000 rbx=00000000002002e8 rcx=fffff880009a9b60 rdx=00000000001de4e8 rsi=00000000002003e8 rdi=0000000000000002 rip=fffff80002e49cfc rsp=fffff880009a9c10 rbp=0000000000000000 r8=0000000000000001 r9=0000000000000000 r10=fffffa8006902460 r11=fffff880009a9be0 r12=0000000000000000 r13=0000000000000000 r14=0000058000000000 r15=00000000002002e8 iopl=0 nv up ei pl nz ac pe cy cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010213 nt!MmZeroPageThread+0x883: fffff800`02e49cfc 4d8b3f mov r15,qword ptr [r15] ds:002b:00000000`002002e8=???????????????? 
Resetting default scope CUSTOMER_CRASH_COUNT: 1 DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT PROCESS_NAME: System CURRENT_IRQL: 0 ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s. EXCEPTION_PARAMETER1: 0000000000000000 EXCEPTION_PARAMETER2: 00000000002002e8 READ_ADDRESS: GetPointerFromAddress: unable to read from fffff800030b4100 00000000002002e8 FOLLOWUP_IP: nt!MmZeroPageThread+883 fffff800`02e49cfc 4d8b3f mov r15,qword ptr [r15] BUGCHECK_STR: 0x7E LAST_CONTROL_TRANSFER: from fffff8000311cfee to fffff80002e49cfc STACK_TEXT: fffff880`009a9c10 fffff800`0311cfee : fffffa80`06a23040 00000000`00000080 fffffa80`069ab9e0 fffff800`02e735d9 : nt!MmZeroPageThread+0x883 fffff880`009a9d40 fffff800`02e735e6 : fffff800`02ff7e80 fffffa80`06a23040 fffff800`03005cc0 3a413b04`8a411474 : nt!PspSystemThreadStartup+0x5a fffff880`009a9d80 00000000`00000000 : fffff880`009aa000 fffff880`009a4000 fffff880`009a98b0 00000000`00000000 : nt!KxStartSystemThread+0x16 SYMBOL_STACK_INDEX: 0 SYMBOL_NAME: nt!MmZeroPageThread+883 FOLLOWUP_NAME: MachineOwner MODULE_NAME: nt DEBUG_FLR_IMAGE_TIMESTAMP: 4e02aaa3 STACK_COMMAND: .cxr 0xfffff880009a9230 ; kb IMAGE_NAME: memory_corruption FAILURE_BUCKET_ID: X64_0x7E_nt!MmZeroPageThread+883 BUCKET_ID: X64_0x7E_nt!MmZeroPageThread+883 Followup: MachineOwner ---------
    2. Loading Dump File [D:\Kingston\BSODDmpFiles\antarans\Windows_NT6_BSOD_jcgriff2\030612-18236-01.dmp] Mini Kernel Dump File: Only registers and stack trace are available Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols Executable search path is: Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64 Product: WinNt, suite: TerminalServer SingleUserTS Personal Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506 Machine Name: Kernel base = 0xfffff800`02e50000 PsLoadedModuleList = 0xfffff800`03095670 Debug session time: Tue Mar 6 05:40:51.601 2012 (UTC - 7:00) System Uptime: 0 days 3:49:30.208 Loading Kernel Symbols ............................................................... ................................................................ ........................ Loading User Symbols Loading unloaded module list ..... ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* Use !analyze -v to get detailed debugging information. BugCheck 1A, {41287, 16b471, 0, 0} Probably caused by : ntkrnlmp.exe ( nt! ?? ::FNODOBFM::`string'+46485 ) Followup: MachineOwner --------- 0: kd> !analyze -v ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* MEMORY_MANAGEMENT (1a) # Any other values for parameter 1 must be individually examined. Arguments: Arg1: 0000000000041287, The subtype of the bugcheck. Arg2: 000000000016b471 Arg3: 0000000000000000 Arg4: 0000000000000000 Debugging Details: ------------------ BUGCHECK_STR: 0x1a_41287 CUSTOMER_CRASH_COUNT: 1 DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT PROCESS_NAME: System CURRENT_IRQL: 0 TRAP_FRAME: fffff880075fa940 -- (.trap 0xfffff880075fa940) NOTE: The trap frame does not contain all registers. 
Some register values may be zeroed or incorrect. rax=00000000002c0000 rbx=0000000000000000 rcx=fffff8a009581000 rdx=fffffffff9639020 rsi=0000000000000000 rdi=0000000000000000 rip=fffff80002ec37fb rsp=fffff880075faad8 rbp=0000000000000001 r8=0000000000000010 r9=0000000000000001 r10=000000000000002c r11=fffff8a009580ff8 r12=0000000000000000 r13=0000000000000000 r14=0000000000000000 r15=0000000000000000 iopl=0 nv up ei pl nz na pe nc nt!memcpy+0x20b: fffff800`02ec37fb 488901 mov qword ptr [rcx],rax ds:0002:fffff8a0`09581000=???????????????? Resetting default scope LAST_CONTROL_TRANSFER: from fffff80002e5fd7e to fffff80002eccc40 STACK_TEXT: fffff880`075fa2d8 fffff800`02e5fd7e : 00000000`0000001a 00000000`00041287 00000000`0016b471 00000000`00000000 : nt!KeBugCheckEx fffff880`075fa2e0 fffff800`02ecad6e : 00000000`00000000 00000000`0016b471 00000000`00000000 00000000`00000000 : nt! ?? ::FNODOBFM::`string'+0x46485 fffff880`075fa440 fffff800`02ec4b65 : 00000000`00000000 fffff800`02edd8cb 80000000`c6620963 fffff880`075fa640 : nt!KiPageFault+0x16e fffff880`075fa5d0 fffff800`02edd8cb : 80000000`c6620963 fffff880`075fa640 fffff781`c0000000 fffff800`031025c0 : nt!ExpInterlockedPopEntrySListFault16 fffff880`075fa5e0 fffff800`02eea75e : 00000000`00000001 fffff8a0`09581000 fffff880`075fa940 fffff6fc`5004ac08 : nt!MiResolveDemandZeroFault+0x5cb fffff880`075fa6d0 fffff800`02eda9db : 00000000`00000000 fffff880`075fa880 00000000`00000000 00000000`00000000 : nt!MiDispatchFault+0x8ce fffff880`075fa7e0 fffff800`02ecad6e : 00000000`00000001 fffff8a0`09581000 ffffffff`f9659f00 fffff8a0`02bba018 : nt!MmAccessFault+0xe1b fffff880`075fa940 fffff800`02ec37fb : fffff800`032e9f63 fffff8a0`02bba008 00000000`00000001 fffff8a0`09580fe8 : nt!KiPageFault+0x16e fffff880`075faad8 fffff800`032e9f63 : fffff8a0`02bba008 00000000`00000001 fffff8a0`09580fe8 fffff800`00000000 : nt!memcpy+0x20b fffff880`075faae0 fffff800`033390b0 : fffff880`075fac10 fffff8a0`02bb6018 fffff8a0`0956d000 fffff8a0`09447000 : 
nt!PfTCreateTraceDump+0x2e3 fffff880`075fabe0 fffff800`0333eca3 : fffffa80`07bd2001 00000000`00000080 fffffa80`069ab9e0 fffff800`03054da8 : nt!PfTGenerateTrace+0x10 fffff880`075fac10 fffff800`03167fee : ffffffff`ff676980 fffffa80`07bd2060 fffffa80`0aa58670 fffff800`02ec4757 : nt!PfTLoggingWorker+0x113 fffff880`075fad40 fffff800`02ebe5e6 : fffff800`03042e80 fffffa80`07bd2060 fffff800`03050cc0 fffff880`0103c384 : nt!PspSystemThreadStartup+0x5a fffff880`075fad80 00000000`00000000 : fffff880`075fb000 fffff880`075f5000 fffff880`075fa740 00000000`00000000 : nt!KxStartSystemThread+0x16 STACK_COMMAND: kb FOLLOWUP_IP: nt! ?? ::FNODOBFM::`string'+46485 fffff800`02e5fd7e cc int 3 SYMBOL_STACK_INDEX: 1 SYMBOL_NAME: nt! ?? ::FNODOBFM::`string'+46485 FOLLOWUP_NAME: MachineOwner MODULE_NAME: nt IMAGE_NAME: ntkrnlmp.exe DEBUG_FLR_IMAGE_TIMESTAMP: 4e02aaa3 FAILURE_BUCKET_ID: X64_0x1a_41287_nt!_??_::FNODOBFM::_string_+46485 BUCKET_ID: X64_0x1a_41287_nt!_??_::FNODOBFM::_string_+46485 Followup: MachineOwner ---------
    3. Loading Dump File [D:\Kingston\BSODDmpFiles\antarans\Windows_NT6_BSOD_jcgriff2\030612-17768-01.dmp] Mini Kernel Dump File: Only registers and stack trace are available Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols Executable search path is: Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64 Product: WinNt, suite: TerminalServer SingleUserTS Personal Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506 Machine Name: Kernel base = 0xfffff800`02e15000 PsLoadedModuleList = 0xfffff800`0305a670 Debug session time: Tue Mar 6 01:50:17.600 2012 (UTC - 7:00) System Uptime: 0 days 2:00:25.817 Loading Kernel Symbols ............................................................... ................................................................ .......................... Loading User Symbols Loading unloaded module list ..... ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* Use !analyze -v to get detailed debugging information. BugCheck 1E, {ffffffffc0000005, fffff80002fc0617, 0, ffffffffffffffff} Probably caused by : fileinfo.sys ( fileinfo!FIPfInterfaceOpen+409 ) Followup: MachineOwner --------- 1: kd> !analyze -v ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* KMODE_EXCEPTION_NOT_HANDLED (1e) This is a very common bugcheck. Usually the exception address pinpoints the driver/function that caused the problem. Always note this address as well as the link date of the driver/image that contains this address. 
Arguments: Arg1: ffffffffc0000005, The exception code that was not handled Arg2: fffff80002fc0617, The address that the exception occurred at Arg3: 0000000000000000, Parameter 0 of the exception Arg4: ffffffffffffffff, Parameter 1 of the exception Debugging Details: ------------------ EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s. FAULTING_IP: nt!ExAllocatePoolWithTag+537 fffff800`02fc0617 48895808 mov qword ptr [rax+8],rbx EXCEPTION_PARAMETER1: 0000000000000000 EXCEPTION_PARAMETER2: ffffffffffffffff READ_ADDRESS: GetPointerFromAddress: unable to read from fffff800030c4100 ffffffffffffffff ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s. BUGCHECK_STR: 0x1E_c0000005 CUSTOMER_CRASH_COUNT: 1 DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT PROCESS_NAME: WerFault.exe CURRENT_IRQL: 2 LAST_CONTROL_TRANSFER: from fffff80002edd588 to fffff80002e91c40 STACK_TEXT: fffff880`0733d0c8 fffff800`02edd588 : 00000000`0000001e ffffffff`c0000005 fffff800`02fc0617 00000000`00000000 : nt!KeBugCheckEx fffff880`0733d0d0 fffff800`02e912c2 : fffff880`0733d8a8 fffff800`0301c4d0 fffff880`0733d950 00000000`00000006 : nt! ?? 
::FNODOBFM::`string'+0x4977d fffff880`0733d770 fffff800`02e8fbca : fffffa80`07a51010 fffff800`03015c80 00000000`4004b700 fffffa80`07ff8358 : nt!KiExceptionDispatch+0xc2 fffff880`0733d950 fffff800`02fc0617 : 00000000`00000020 fffff880`0733db78 00000000`00000000 00000000`00000000 : nt!KiGeneralProtectionFault+0x10a fffff880`0733dae0 fffff800`02e5ddc6 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!ExAllocatePoolWithTag+0x537 fffff880`0733dbd0 fffff800`0313e01e : 00000240`07a50001 fffffa80`0b692010 00000000`00000000 fffff880`0733ddd0 : nt!IopAllocateFileObjectExtension+0xee fffff880`0733dc40 fffff800`0319988e : fffffa80`0b692010 00000000`00000000 00000000`00000060 fffff880`0733dcc8 : nt!IopAllocateFoExtensionsOnCreate+0x36 fffff880`0733dc90 fffff800`0318fe8a : 00000000`00000004 fffffa80`0b4f55c8 fffffa80`0793ccd0 fffffa80`0b692010 : nt!IopAllocRealFileObject+0x34e fffff880`0733dd40 fffff800`0318c838 : fffffa80`0793ccd0 fffff800`00000000 fffffa80`0b4f5410 fffff880`00000000 : nt!IopParseDevice+0x49a fffff880`0733ded0 fffff800`0318da56 : 00000000`00000000 fffffa80`0b4f5410 00000000`00000000 fffffa80`06a87660 : nt!ObpLookupObjectName+0x588 fffff880`0733dfc0 fffff800`0318f35c : fffff880`009e9180 00000000`00000000 fffff800`0301c500 fffff880`0733e268 : nt!ObOpenObjectByName+0x306 fffff880`0733e090 fffff800`0313688b : fffff880`0733e378 00000000`000000a1 fffff880`0733e490 fffff880`0733e3b0 : nt!IopCreateFile+0x2bc fffff880`0733e130 fffff880`00c5949c : 00000000`00000000 fffff880`0733e480 00000000`00000000 00000000`000000a1 : nt!IoCreateFileEx+0xfb fffff880`0733e1d0 fffff880`00c8c1e1 : 00000000`00000007 fffffa80`07982960 fffff880`0733e378 fffff880`0733e368 : fltmgr!FltCreateFileEx2+0x18c fffff880`0733e2e0 fffff800`0321e475 : fffffa80`0ade0b01 00000000`00000001 fffff880`0733e5a8 fffffa80`07982960 : fileinfo!FIPfInterfaceOpen+0x409 fffff880`0733e460 fffff800`032ed4ae : fffff8a0`0af244d0 ffffffff`fffdb610 fffff880`0733e6c0 00000002`00000000 : 
nt!PfpOpenHandleCreate+0x115 fffff880`0733e530 fffff800`032eda07 : 00000000`00000002 fffff8a0`09f2e6e0 fffff880`0733e6c0 00000000`0000002c : nt!PfSnGetSectionObject+0x12e fffff880`0733e620 fffff800`032ede1d : fffff880`0733e740 00000000`00000000 00000000`00000000 00000000`00000000 : nt!PfSnPrefetchSections+0x247 fffff880`0733e710 fffff800`032ee25f : 00000000`1a0985c2 fffffa80`0b6915b0 fffff8a0`0af1a000 00000000`00000000 : nt!PfSnPrefetchScenario+0x16d fffff880`0733e980 fffff800`031ed2df : 00000000`00000000 00000000`37549b7e fffffa80`0a421aa0 00000000`00000000 : nt!PfSnBeginAppLaunch+0x35f fffff880`0733ea50 fffff800`0317ffb8 : fffffa80`0ade0b60 fffffa80`0a421aa0 00000000`16050800 00000000`7efde000 : nt! ?? ::NNGAKEGL::`string'+0x513d0 fffff880`0733ea80 fffff800`02e83715 : fffff880`02f64180 00000000`00000000 fffff800`0317fe70 fffffa80`0ade0b60 : nt!PspUserThreadStartup+0x148 fffff880`0733eae0 fffff800`02e83697 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiStartUserThread+0x16 fffff880`0733ec20 00000000`7795c500 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiStartUserThreadReturn 00000000`000df7c8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x7795c500 STACK_COMMAND: kb FOLLOWUP_IP: fileinfo!FIPfInterfaceOpen+409 fffff880`00c8c1e1 413bc4 cmp eax,r12d SYMBOL_STACK_INDEX: e SYMBOL_NAME: fileinfo!FIPfInterfaceOpen+409 FOLLOWUP_NAME: MachineOwner MODULE_NAME: fileinfo IMAGE_NAME: fileinfo.sys DEBUG_FLR_IMAGE_TIMESTAMP: 4a5bc481 FAILURE_BUCKET_ID: X64_0x1E_c0000005_fileinfo!FIPfInterfaceOpen+409 BUCKET_ID: X64_0x1E_c0000005_fileinfo!FIPfInterfaceOpen+409 Followup: MachineOwner ---------
    4. Loading Dump File [D:\Kingston\BSODDmpFiles\antarans\Windows_NT6_BSOD_jcgriff2\030512-117858-01.dmp] Mini Kernel Dump File: Only registers and stack trace are available Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols Executable search path is: Windows 7 Kernel Version 7601 (Service Pack 1) MP (3 procs) Free x64 Product: WinNt, suite: TerminalServer SingleUserTS Personal Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506 Machine Name: Kernel base = 0xfffff800`02e59000 PsLoadedModuleList = 0xfffff800`0309e670 Debug session time: Mon Mar 5 11:55:50.475 2012 (UTC - 7:00) System Uptime: 0 days 0:19:10.692 Loading Kernel Symbols ............................................................... ................................................................ ........................... Loading User Symbols Loading unloaded module list ..... ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* Use !analyze -v to get detailed debugging information. BugCheck C9, {220, fffff88005a10710, fffff98063350dc0, fffffa800b857770} Unable to load image LGVirHid.sys, Win32 error 0n2 *** WARNING: Unable to verify timestamp for LGVirHid.sys *** ERROR: Module load completed but symbols could not be loaded for LGVirHid.sys Probably caused by : HIDCLASS.SYS ( HIDCLASS!HidpMajorHandler+0 ) Followup: MachineOwner --------- 1: kd> !analyze -v ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* DRIVER_VERIFIER_IOMANAGER_VIOLATION (c9) The IO manager has caught a misbehaving driver. Arguments: Arg1: 0000000000000220, IRP_MJ_SYSTEM_CONTROL has been completed by someone other than the ProviderId. This IRP should either have been completed earlier or should have been passed down. 
Arg2: fffff88005a10710, The address in the driver's code where the error was detected. Arg3: fffff98063350dc0, IRP address. Arg4: fffffa800b857770, ProviderId. Debugging Details: ------------------ BUGCHECK_STR: 0xc9_220 DRIVER_VERIFIER_IO_VIOLATION_TYPE: 220 FAULTING_IP: HIDCLASS!HidpMajorHandler+0 fffff880`05a10710 48895c2410 mov qword ptr [rsp+10h],rbx FOLLOWUP_IP: HIDCLASS!HidpMajorHandler+0 fffff880`05a10710 48895c2410 mov qword ptr [rsp+10h],rbx IRP_ADDRESS: fffff98063350dc0 DEVICE_OBJECT: fffffa800853c060 CUSTOMER_CRASH_COUNT: 1 DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT PROCESS_NAME: System CURRENT_IRQL: 2 LOCK_ADDRESS: fffff800030d4b80 -- (!locks fffff800030d4b80) Resource @ nt!PiEngineLock (0xfffff800030d4b80) Available WARNING: SystemResourcesList->Flink chain invalid. Resource may be corrupted, or already deleted. WARNING: SystemResourcesList->Blink chain invalid. Resource may be corrupted, or already deleted. 1 total locks PNP_TRIAGE: Lock address : 0xfffff800030d4b80 Thread Count : 0 Thread address: 0x0000000000000000 Thread wait : 0x0 LAST_CONTROL_TRANSFER: from fffff8000335f3dc to fffff80002ed5c40 STACK_TEXT: fffff880`031690a8 fffff800`0335f3dc : 00000000`000000c9 00000000`00000220 fffff880`05a10710 fffff980`63350dc0 : nt!KeBugCheckEx fffff880`031690b0 fffff800`0336947a : fffff800`0335d9f0 fffff880`05a10710 fffff980`63350dc0 fffffa80`0b857770 : nt!VerifierBugCheckIfAppropriate+0x3c fffff880`031690f0 fffff800`0336a0ff : 00000000`00000220 fffffa80`0b857770 fffff980`63350dc0 00000000`ffffffff : nt!ViErrorFinishReport+0xda fffff880`03169140 fffff800`0336f6a7 : fffff980`63350f20 fffff880`05a10710 00000000`00000000 00000000`00000000 : nt!VfErrorReport10+0x6f fffff880`03169220 fffff800`0335f04e : fffffa80`0b9281c8 00000000`00000000 00000000`00000000 00000000`00000000 : nt!VfWmiVerifyIrpStackUpward+0x67 fffff880`03169250 fffff800`0336bb2d : fffffa80`0b8ed220 fffffa80`0b928010 fffff980`63350dc0 fffff980`63350dc0 : nt!VfMajorVerifyIrpStackUpward+0x6e 
fffff880`03169290 fffff800`0337d50d : fffff980`63350f20 fffff880`03169480 00000000`c00000bb fffff980`63350f20 : nt!IovpCompleteRequest2+0xad fffff880`03169300 fffff800`02ed9021 : fffff980`63350f23 00000000`00000000 00000000`000000ff fffff800`03360eea : nt!IovpLocalCompletionRoutine+0x9d fffff880`03169360 fffff800`0337519f : fffff980`63350dc0 fffff880`05a1a400 fffffa80`0853c100 00000000`00000000 : nt!IopfCompleteRequest+0x341 fffff880`03169450 fffff880`06bd2624 : fffff880`00000013 fffff880`03169578 00000000`c00000bb fffffa80`0853c1b0 : nt!IovCompleteRequest+0x19f fffff880`03169520 fffff880`00000013 : fffff880`03169578 00000000`c00000bb fffffa80`0853c1b0 fffff980`63350f20 : LGVirHid+0x624 fffff880`03169528 fffff880`03169578 : 00000000`c00000bb fffffa80`0853c1b0 fffff980`63350f20 fffff880`05a10a0f : 0xfffff880`00000013 fffff880`03169530 00000000`c00000bb : fffffa80`0853c1b0 fffff980`63350f20 fffff880`05a10a0f 00000000`00000000 : 0xfffff880`03169578 fffff880`03169538 fffffa80`0853c1b0 : fffff980`63350f20 fffff880`05a10a0f 00000000`00000000 fffffa80`0853c1b0 : 0xc00000bb fffff880`03169540 fffff980`63350f20 : fffff880`05a10a0f 00000000`00000000 fffffa80`0853c1b0 00000000`00000001 : 0xfffffa80`0853c1b0 fffff880`03169548 fffff880`05a10a0f : 00000000`00000000 fffffa80`0853c1b0 00000000`00000001 00000000`00000017 : 0xfffff980`63350f20 fffff880`03169550 fffff880`05a107fb : 00000000`00000000 fffffa80`0853c1b0 fffff980`63350dc0 fffff880`03169600 : HIDCLASS!HidpIrpMajorDefault+0x8b fffff880`03169590 fffff800`0337bc16 : fffff980`00000002 fffff980`63350dc0 00000000`00000002 fffff800`0337737e : HIDCLASS!HidpMajorHandler+0xeb fffff880`03169600 fffff800`0337ac42 : fffff980`63350f68 00000000`00000002 fffffa80`0b7df190 fffffa80`0b871f40 : nt!IovCallDriver+0x566 fffff880`03169660 fffff800`0337bc16 : fffff980`63350dc0 00000000`00000002 fffffa80`0b7df040 00000000`00000000 : nt!ViFilterDispatchGeneric+0x62 fffff880`03169690 fffff800`0337ad58 : fffff980`63350dc0 fffffa80`0b7df040 
00000000`00000000 fffffa80`0b7095d0 : nt!IovCallDriver+0x566 fffff880`031696f0 fffff800`0337ae42 : fffffa80`0b857770 fffffa80`0b6307d0 fffffa80`0b857770 00000000`00000017 : nt!VfIrpSendSynchronousIrp+0xe8 fffff880`03169760 fffff800`03367faf : fffffa80`0b6307d0 00000000`000007ff fffff800`0300f5b8 fffff800`0326b899 : nt!VfWmiTestStartedPdoStack+0x72 fffff880`03169800 fffff800`02f829d2 : fffffa80`0b6307d0 00000000`00000000 00000000`00000000 00000000`00000000 : nt!VfMajorTestStartedPdoStack+0x5f fffff880`03169830 fffff800`032bfe5c : fffffa80`0b6307d0 fffffa80`0b6307d0 00000000`00000001 00000000`00000000 : nt!PpvUtilTestStartedPdoStack+0x12 fffff880`03169860 fffff800`032c1a54 : fffffa80`0b6307d0 fffffa80`0b6307d0 fffffa80`0b6307d0 00000000`00000001 : nt!PipProcessStartPhase3+0x55c fffff880`03169950 fffff800`032c1e77 : fffffa80`0b6307d0 00000000`00000000 00000000`00000010 fffff800`032c1db0 : nt!PipProcessDevNodeTree+0x264 fffff880`03169bc0 fffff800`02fd28d3 : 00000001`00000003 00000000`00000000 00000000`00000001 00000000`00000000 : nt!PiRestartDevice+0xc7 fffff880`03169c10 fffff800`02ee0001 : fffff800`02fd25c0 fffff800`03076201 fffffa80`069feb00 00000000`00000000 : nt!PnpDeviceActionWorker+0x313 fffff880`03169cb0 fffff800`03170fee : 00000000`00000000 fffffa80`069feb60 00000000`00000080 fffffa80`069c75a0 : nt!ExpWorkerThread+0x111 fffff880`03169d40 fffff800`02ec75e6 : fffff880`02f64180 fffffa80`069feb60 fffff880`02f6ef80 00000000`00000000 : nt!PspSystemThreadStartup+0x5a fffff880`03169d80 00000000`00000000 : fffff880`0316a000 fffff880`03164000 fffff880`03169440 00000000`00000000 : nt!KxStartSystemThread+0x16 STACK_COMMAND: .bugcheck ; kb SYMBOL_NAME: HIDCLASS!HidpMajorHandler+0 FOLLOWUP_NAME: MachineOwner MODULE_NAME: HIDCLASS IMAGE_NAME: HIDCLASS.SYS DEBUG_FLR_IMAGE_TIMESTAMP: 4ce7a665 FAILURE_BUCKET_ID: X64_0xc9_220_HIDCLASS!HidpMajorHandler+0 BUCKET_ID: X64_0xc9_220_HIDCLASS!HidpMajorHandler+0 Followup: MachineOwner ---------
    5. Loading Dump File [D:\Kingston\BSODDmpFiles\antarans\Windows_NT6_BSOD_jcgriff2\030512-18298-01.dmp]
       Mini Kernel Dump File: Only registers and stack trace are available

       Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
       Executable search path is:
       Windows 7 Kernel Version 7601 (Service Pack 1) MP (3 procs) Free x64
       Product: WinNt, suite: TerminalServer SingleUserTS Personal
       Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506
       Machine Name:
       Kernel base = 0xfffff800`02e0c000 PsLoadedModuleList = 0xfffff800`03051670
       Debug session time: Sun Mar 4 17:31:02.596 2012 (UTC - 7:00)
       System Uptime: 3 days 7:52:22.842
       Loading Kernel Symbols
       ...............................................................
       ................................................................
       ..................................
       Loading User Symbols
       Loading unloaded module list
       ........................
       *******************************************************************************
       *                                                                             *
       *                        Bugcheck Analysis                                    *
       *                                                                             *
       *******************************************************************************

       Use !analyze -v to get detailed debugging information.

       BugCheck A, {8, 2, 1, fffff80002e94a26}

       Probably caused by : memory_corruption

       Followup: memory_corruption
       ---------

       0: kd> !analyze -v
       *******************************************************************************
       *                                                                             *
       *                        Bugcheck Analysis                                    *
       *                                                                             *
       *******************************************************************************

       IRQL_NOT_LESS_OR_EQUAL (a)
       An attempt was made to access a pageable (or completely invalid) address at an
       interrupt request level (IRQL) that is too high. This is usually
       caused by drivers using improper addresses.
       If a kernel debugger is available get the stack backtrace.
       Arguments:
       Arg1: 0000000000000008, memory referenced
       Arg2: 0000000000000002, IRQL
       Arg3: 0000000000000001, bitfield :
           bit 0 : value 0 = read operation, 1 = write operation
           bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
       Arg4: fffff80002e94a26, address which referenced memory

       Debugging Details:
       ------------------

       WRITE_ADDRESS: GetPointerFromAddress: unable to read from fffff800030bb100
        0000000000000008

       CURRENT_IRQL: 2

       FAULTING_IP:
       nt!KiInsertTimerTable+c6
       fffff800`02e94a26 4c894008 mov qword ptr [rax+8],r8

       CUSTOMER_CRASH_COUNT: 1

       DEFAULT_BUCKET_ID: CODE_CORRUPTION

       BUGCHECK_STR: 0xA

       PROCESS_NAME: sidebar.exe

       TRAP_FRAME: fffff8800953b8e0 -- (.trap 0xfffff8800953b8e0)
       NOTE: The trap frame does not contain all registers.
       Some register values may be zeroed or incorrect.
       rax=0000023f24130000 rbx=0000000000000000 rcx=fffffa8009e99860
       rdx=0000000000000801 rsi=0000000000000000 rdi=0000000000000000
       rip=fffff80002e80b65 rsp=fffff8800953ba70 rbp=0000000000000000
        r8=0000000000000800  r9=0000000000000000 r10=fffffa8009e99860
       r11=fffff900c23bd9f0 r12=0000000000000000 r13=0000000000000000
       r14=0000000000000000 r15=0000000000000000
       iopl=0 nv up ei pl nz na po nc
       nt!ExpInterlockedPopEntrySListFault16:
       fffff800`02e80b65 498b08 mov rcx,qword ptr [r8] ds:00000000`00000800=????????????????
       Resetting default scope

       LAST_CONTROL_TRANSFER: from fffff80002e881e9 to fffff80002e88c40

       STACK_TEXT:
       fffff880`0953ba70 fffff960`000fcb42 : fffffa80`0b15e060 fffffa80`0b15e060 00000000`00000000 fffffa80`00000001 : nt!ExpInterlockedPopEntrySListFault16
       fffff880`0953ba80 fffff960`00101edd : 00000000`00000000 00000000`00000000 fffff880`03164180 fffffa80`0b15e168 : win32k!AllocQEntry+0x3e
       fffff880`0953bab0 fffff960`001021e1 : fffff900`c23bd9f0 00000000`00008002 00000000`74492450 00000000`00000000 : win32k!PostMessageExtended+0x26d
       fffff880`0953bb50 fffff960`00101c39 : 00000000`00000000 00000000`00000000 00000000`000102a0 fffff880`0953bc38 : win32k!PostMessageCheckIL+0x1c9
       fffff880`0953bbc0 fffff800`02e87ed3 : fffffa80`0b15e060 fffff880`0953bca0 00000000`00000000 00000000`00000020 : win32k!NtUserPostMessage+0xed
       fffff880`0953bc20 00000000`744dfeca : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
       00000000`039be598 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x744dfeca

       STACK_COMMAND: .trap 0xfffff8800953b8e0 ; kb

       CHKIMG_EXTENSION: !chkimg -lo 50 -d !nt
           fffff80002e94561 - nt!KiProcessExpiredTimerList+191
           [ 44:00 ]
       1 error : !nt (fffff80002e94561)

       MODULE_NAME: memory_corruption

       IMAGE_NAME: memory_corruption

       FOLLOWUP_NAME: memory_corruption

       DEBUG_FLR_IMAGE_TIMESTAMP: 0

       MEMORY_CORRUPTOR: ONE_BYTE

       FAILURE_BUCKET_ID: X64_MEMORY_CORRUPTION_ONE_BYTE

       BUCKET_ID: X64_MEMORY_CORRUPTION_ONE_BYTE

       Followup: memory_corruption
       ---------

    1. Possible causes are Memory problems... BIOS... Corrupted hard disk file system... Corrupted System Files... Lack of Windows updates... Drivers...
    2. Possible causes are Memory problems... Drivers...
    3. Possible causes are Memory problems... Viruses... Corrupted hard disk file system... Corrupted System Files... Lack of Windows updates... Drivers...
      Thanks to JMH for helping with my understanding of this crash.
    4. Caused by LGVirHid.sys
    5. Possible causes are Memory problems... Corrupted hard disk file system... Corrupted System Files... BIOS... Lack of Windows updates... Antivirus Software... Backup... Hardware...

    Thanks to Dave76 for help understanding possible causes.



    We will start with the common problems first (see bold possible causes). Do the following steps and test by doing your normal routine after each step to see if stability increases (the memory tests you can run concurrently as they will not increase stability unless you are forced to move modules around). Post back your results after each step, and if you get a blue screen crash, upload the files again and await further instructions after we are able to analyze the crash.

    If you can do your normal routine for a few weeks without a crash, and your crashes are usually more frequent than that, then the problem is likely solved.

    • If you are overclocking any hardware, please stop.

    • Update all Logitech drivers for your Logitech device(s).

    • Run Disk Check with both boxes checked for all HDDs and with Automatically fix file system errors checked for all SSDs. Post back your logs for the checks after finding them using Check Disk (chkdsk) - Read Event Viewer Log

    • Run the short and long tests of SeaTools on your hard disk.

    • Run the boot version of Memtest86+ paying close attention to Parts 2 and 3 of the tutorial. Also, in case Memtest86+ misses anything and comes up with no errors, run the extended version of the Windows Memory Diagnostics Tool for at least five passes. These you may want to run overnight since they take a long time to complete (run them an hour before bed each of the next two nights and check before going to sleep that they are still running).

      If you swap any memory components, follow these steps for ESD safety:
      1. Shut down and turn off your computer.
      2. Unplug all power supplies to the computer (AC Power then battery for laptops, AC power for desktops).
      3. Hold down the power button for 30 seconds to close the circuit and ensure all power drains from components.
      4. Make sure you are grounded by using proper grounding techniques, i.e. work on an anti-static workbench, anti-static desk, or an anti-static pad. Hold something metallic while touching it to the anti-static surface, or use an anti-static wristband to attach to the anti-static material while working.

      Once these steps have been followed, it is safe to remove and replace components within your computer.

    • An underlying driver may be incompatible\conflicting with your system. Run Driver Verifier to find any issues. To run Driver Verifier, do the following:
      a. Backup your system and user files
      b. Create a system restore point
      c. If you do not have a Windows 7 DVD, Create a system repair disc
      d. Run Driver Verifier

      If Windows cannot start in normal mode with driver verifier running, start in safe mode. If it cannot start in safe mode or normal mode, restore the system restore point using System Restore OPTION TWO.

      Thanks to zigzag3143 for contributing to the Verifier steps.
      If you are unable to start Windows with all drivers being verified or if the blue screen crashes fail to create .dmp files, run them in groups of 5 or 10 until you find a group that causes blue screen crashes and stores the blue screen .dmp files.
      The idea with Verifier is to cause the system to crash, so do the things you normally do that cause crashes. After you have a few crashes, upload the crash reports for us to take a look and try to find patterns.
    Last edited by writhziden; 06 Mar 2012 at 12:45. Reason: SeaTools step added
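
As an added example (not part of any post in this thread), a short Python triage helper that decodes the bugcheck 0xA arguments and the `!chkimg` mismatch from the `!analyze -v` output quoted in the post above. The sample text is constructed from lines of that output; `triage` and its result keys are names chosen for this example.

```python
import re

# Constructed sample: key lines taken from the !analyze -v output quoted in the post above.
SAMPLE = """\
BugCheck A, {8, 2, 1, fffff80002e94a26}
FAULTING_IP:
nt!KiInsertTimerTable+c6
CHKIMG_EXTENSION: !chkimg -lo 50 -d !nt
    fffff80002e94561 - nt!KiProcessExpiredTimerList+191
    [ 44:00 ]
1 error : !nt (fffff80002e94561)
MEMORY_CORRUPTOR: ONE_BYTE
FAILURE_BUCKET_ID: X64_MEMORY_CORRUPTION_ONE_BYTE
"""

def triage(text):
    """Decode a bugcheck 0xA summary and any !chkimg mismatches from analysis text."""
    m = re.search(r"BugCheck ([0-9A-Fa-f]+), \{([^}]*)\}", text)
    if not m:
        raise ValueError("no BugCheck line found")
    code = int(m.group(1), 16)
    args = [int(a.strip(), 16) for a in m.group(2).split(",")]
    out = {"bugcheck": code, "args": args}
    if code == 0xA:  # IRQL_NOT_LESS_OR_EQUAL; argument meanings as printed by !analyze -v
        out["referenced_address"] = args[0]
        out["irql"] = args[1]
        out["access"] = "write" if args[2] & 0x1 else "read"   # bit 0
        out["execute"] = bool(args[2] & 0x8)                   # bit 3
        out["faulting_instruction"] = args[3]
        # An address inside the first page is a NULL pointer plus a small field offset.
        out["null_plus_offset"] = args[0] < 0x1000
    # chkimg entry: "<address> - <symbol>" followed by "[ image byte : byte found in dump ]".
    pattern = r"([0-9a-f]{16}) - (\S+)\s+\[ ([0-9a-f]{2}):([0-9a-f]{2}) \]"
    out["image_mismatches"] = []
    for addr, sym, expected, found in re.findall(pattern, text):
        diff = int(expected, 16) ^ int(found, 16)
        out["image_mismatches"].append({
            "address": int(addr, 16), "symbol": sym,
            "expected": int(expected, 16), "found": int(found, 16),
            # Exactly one differing bit means a bit flip rather than a byte overwrite.
            "single_bit_flip": diff != 0 and diff & (diff - 1) == 0,
        })
    b = re.search(r"FAILURE_BUCKET_ID:\s*(\S+)", text)
    out["bucket"] = b.group(1) if b else None
    return out

if __name__ == "__main__":
    print(triage(SAMPLE))
```

On this dump the mismatched byte (0x44 in the image, 0x00 in memory) differs in two bits, which agrees with the debugger's ONE_BYTE classification rather than a single bit flip.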


  8. Posts : 6
    Windows 7 x64 home premium
    Thread Starter
       #8

    Yes, I have old Logitech drivers now (3.03, because they shouldn't call the kernel directly, just a test), because the latest (8.20) caused a BSOD with HIDCLASS.SYS and a BSOD when accessing G11 profiles (at least once). Also uninstalled Daemon Tools because of an sptd.sys BSOD at boot. Windows updates are up to date, drivers are up to date (even Logitech was on 8.20, the latest). And yes, I had malware and essential installed, uninstalled malware but won't expect any progress.

    Going to put this rig to run memtest for the night again, and tomorrow run Verifier with all drivers loaded. Have done a Verifier run before, ran about 20hrs without a BSOD, then a BSOD about 5hrs after disabling Verifier, frustrating.

    Thanks for the reply, I appreciate it deeply.


  9. Posts : 11,269
    Windows 7 Home Premium 64 Bit
       #9

    See how having only one antivirus works before doing the other steps. If you get another crash, proceed to the next steps.

    Also, make sure to check the hard disk as suggested. Fileinfo crashes point to a possible hard disk problem.

    Keep Verifier running for a few days this time. Sometimes it takes a while for it to cause verified crashes.

    Let us know the results of the RAM tests.

    Best of luck!
    Last edited by writhziden; 06 Mar 2012 at 13:51. Reason: Additional info for steps and re-ordered steps for highest priority.


  10. Posts : 6
    Windows 7 x64 home premium
    Thread Starter
       #10

    Bought a new mobo and CPU, 2 weeks+ without crashes. I think there's something broken in the mobo because the CPU has worked fine in another computer for over a week now. My money is on the bridge chip. I think this case is closed now.


 