Random BSODs related to ntfs.sys and system kernel

Page 2 of 2 FirstFirst 12

  1. cvmm69
    Posts : 9
    Windows 7 Home Premium 64bit
    Thread Starter
       New #11

    Tried it, didn't work. Removing the driver did help a bit, though. Now they occur much less often, but they still continue to come. That means that there is still something causing them. Latest dumps included. I really hope the reason is found, I keep losing my work.

    Code:
    MODULE_NAME: nt

FAULTING_MODULE: fffff80003008000 nt

DEBUG_FLR_IMAGE_TIMESTAMP:  4e02aa44

EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.

FAULTING_IP: 
nt!NtSetInformationThread+e94
fffff800`03346034 80be380b000001  cmp     byte ptr [rsi+0B38h],1

CONTEXT:  fffff8800843c040 -- (.cxr 0xfffff8800843c040)
rax=fffff8a01c144700 rbx=fffff8a01c144700 rcx=fffff8a01f01c6f8
rdx=0000000000000000 rsi=ffdff8a00b62a010 rdi=fffff8a01f01c6f8
rip=fffff80003346034 rsp=fffff8800843ca10 rbp=fffffa800a1de000
 r8=0000000000000000  r9=00000000ffffffff r10=000000000000000e
r11=0000000000000011 r12=fffff8a01c1446d0 r13=fffffa800a1de060
r14=0000000000000000 r15=fffff8a011319a80
iopl=0         nv up ei pl zr na po nc
cs=0010  ss=0018  ds=002b  es=002b  fs=0053  gs=002b             efl=00010246
nt!NtSetInformationThread+0xe94:
fffff800`03346034 80be380b000001  cmp     byte ptr [rsi+0B38h],1 ds:002b:ffdff8a0`0b62ab48=??
Resetting default scope

DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

BUGCHECK_STR:  0x3B

CURRENT_IRQL:  0

LAST_CONTROL_TRANSFER:  from fffff8000307d754 to fffff80003346034

STACK_TEXT:  
fffff880`0843ca10 fffff800`0307d754 : 00000000`00000000 fffffa80`0a1de060 fffffa80`06d44510 fffff8a0`1c1446d0 : nt!NtSetInformationThread+0xe94
fffff880`0843cae0 fffff800`0338b394 : fffffa80`0a1de060 00000000`00000000 fffffa80`0be46950 00000000`00000000 : nt!ObfDereferenceObject+0xd4
fffff880`0843cb40 fffff800`0338b294 : 00000000`00000340 fffffa80`0a1de060 fffff8a0`11319a80 00000000`00000340 : nt!SeAssignSecurityEx+0x754
fffff880`0843cbd0 fffff800`03077813 : fffffa80`0be46950 fffff880`0843cca0 00000000`00000000 00000000`00000001 : nt!SeAssignSecurityEx+0x654
fffff880`0843cc20 00000000`7700f7aa : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KeSynchronizeExecution+0x3a43
00000000`0261d1c8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x7700f7aa


FOLLOWUP_IP: 
nt!NtSetInformationThread+e94
fffff800`03346034 80be380b000001  cmp     byte ptr [rsi+0B38h],1

SYMBOL_STACK_INDEX:  0

SYMBOL_NAME:  nt!NtSetInformationThread+e94

FOLLOWUP_NAME:  MachineOwner

IMAGE_NAME:  ntkrnlmp.exe

STACK_COMMAND:  .cxr 0xfffff8800843c040 ; kb

BUCKET_ID:  WRONG_SYMBOLS

Followup: MachineOwner
---------

1: kd> lmvm nt
start             end                 module name
fffff800`03008000 fffff800`035e4000   nt         (export symbols)       ntkrnlmp.exe
    Loaded symbol image file: ntkrnlmp.exe
    Image path: ntkrnlmp.exe
    Image name: ntkrnlmp.exe
    Timestamp:        Thu Jun 23 05:51:48 2011 (4E02AA44)
    CheckSum:         00542941
    ImageSize:        005DC000
    File version:     6.1.7600.16841
    Product version:  6.1.7600.16841
    File flags:       0 (Mask 3F)
    File OS:          40004 NT Win32
    File type:        1.0 App
    File date:        00000000.00000000
    Translations:     0409.04b0
    CompanyName:      Microsoft Corporation
    ProductName:      Microsoft® Windows® Operating System
    InternalName:     ntkrnlmp.exe
    OriginalFilename: ntkrnlmp.exe
    ProductVersion:   6.1.7600.16841
    FileVersion:      6.1.7600.16841 (win7_gdr.110622-1503)
    FileDescription:  NT Kernel & System
    LegalCopyright:   © Microsoft Corporation. All rights reserved.
1: kd> .cxr 0xfffff8800843c040
rax=fffff8a01c144700 rbx=fffff8a01c144700 rcx=fffff8a01f01c6f8
rdx=0000000000000000 rsi=ffdff8a00b62a010 rdi=fffff8a01f01c6f8
rip=fffff80003346034 rsp=fffff8800843ca10 rbp=fffffa800a1de000
 r8=0000000000000000  r9=00000000ffffffff r10=000000000000000e
r11=0000000000000011 r12=fffff8a01c1446d0 r13=fffffa800a1de060
r14=0000000000000000 r15=fffff8a011319a80
iopl=0         nv up ei pl zr na po nc
cs=0010  ss=0018  ds=002b  es=002b  fs=0053  gs=002b             efl=00010246
nt!NtSetInformationThread+0xe94:
fffff800`03346034 80be380b000001  cmp     byte ptr [rsi+0B38h],1 ds:002b:ffdff8a0`0b62ab48=??
      My Computer
    Quote Quote

  3. cvmm69
    Posts : 9
    Windows 7 Home Premium 64bit
    Thread Starter
       New #12

    Ok, just got a different kind of bsod. It had something to do with "Memory Management". Could it be that the new memory I installed is incompitable with my system? If so, then what should I do? Please help.
    Dump included.

    Code:
    MODULE_NAME: nt

FAULTING_MODULE: fffff8000304a000 nt

DEBUG_FLR_IMAGE_TIMESTAMP:  4e02aa44

BUGCHECK_STR:  0x1a_41284

DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

CURRENT_IRQL:  0

LAST_CONTROL_TRANSFER:  from fffff8000310f2e3 to fffff800030ba5c0

STACK_TEXT:  
fffff880`0b82c048 fffff800`0310f2e3 : 00000000`0000001a 00000000`00041284 fffff6fb`40003001 00000000`00000010 : nt!KeBugCheckEx
fffff880`0b82c050 fffff800`030ed249 : fffffa80`0acb5ec8 00000000`00000001 00000000`00000000 00000000`00000002 : nt!wcsncat_s+0x61cb
fffff880`0b82c090 fffff800`030ed4da : fffffa80`04e98d60 fffffa80`0acb5b30 00000000`00000001 fffff6fb`40003000 : nt!PsReturnProcessNonPagedPoolQuota+0xf8d
fffff880`0b82c0d0 fffff800`0308eca6 : fffff700`01080520 fffffa80`0acb5ec8 fffff700`01080000 fffff8a0`054241d0 : nt!PsReturnProcessNonPagedPoolQuota+0x121e
fffff880`0b82c1e0 fffff800`0308d60e : fffffa80`0acb5b30 fffffa80`00000008 fffff8a0`000000dd 00000000`00000000 : nt!PsGetProcessSessionIdEx+0x173a
fffff880`0b82ca90 fffff800`0339ca8b : fffff8a0`1298f480 00000000`00000001 00000000`00000000 fffffa80`0aea9b60 : nt!PsGetProcessSessionIdEx+0xa2
fffff880`0b82cae0 fffff800`0337435b : 00000000`00000000 00000000`00000001 000007ff`fffde000 00000000`00000000 : nt!NtFsControlFile+0x1307
fffff880`0b82cba0 fffff800`030b9813 : fffffa80`0acb5b30 fffff880`00000000 00000000`00394150 fffffa80`0aea9b60 : nt!MmUnmapViewOfSection+0x26b
fffff880`0b82cc20 00000000`7724f97a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KeSynchronizeExecution+0x3a43
00000000`0021fbf8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x7724f97a


STACK_COMMAND:  kb

FOLLOWUP_IP: 
nt!wcsncat_s+61cb
fffff800`0310f2e3 cc              int     3

SYMBOL_STACK_INDEX:  1

SYMBOL_NAME:  nt!wcsncat_s+61cb

FOLLOWUP_NAME:  MachineOwner

IMAGE_NAME:  ntkrnlmp.exe

BUCKET_ID:  WRONG_SYMBOLS

Followup: MachineOwner
---------

0: kd> lmvm nt
start             end                 module name
fffff800`0304a000 fffff800`03626000   nt         (export symbols)       ntkrnlmp.exe
    Loaded symbol image file: ntkrnlmp.exe
    Image path: ntkrnlmp.exe
    Image name: ntkrnlmp.exe
    Timestamp:        Thu Jun 23 05:51:48 2011 (4E02AA44)
    CheckSum:         00542941
    ImageSize:        005DC000
    File version:     6.1.7600.16841
    Product version:  6.1.7600.16841
    File flags:       0 (Mask 3F)
    File OS:          40004 NT Win32
    File type:        1.0 App
    File date:        00000000.00000000
    Translations:     0409.04b0
    CompanyName:      Microsoft Corporation
    ProductName:      Microsoft® Windows® Operating System
    InternalName:     ntkrnlmp.exe
    OriginalFilename: ntkrnlmp.exe
    ProductVersion:   6.1.7600.16841
    FileVersion:      6.1.7600.16841 (win7_gdr.110622-1503)
    FileDescription:  NT Kernel & System
    LegalCopyright:   © Microsoft Corporation. All rights reserved.
      My Computer
    Quote Quote

  4. writhziden
    Posts : 11,269
    Windows 7 Home Premium 64 Bit
       New #13

    Run the boot version of Memtest86+ paying close attention to Parts 2 and 3 of the tutorial. Also, in case Memtest86+ misses anything and comes up with no errors, run the extended version of the Windows Memory Diagnostics Tool for at least five passes. These you may want to run overnight since they take a long time to complete (run them an hour before bed each of the next two nights and check before going to sleep that they are still running).

    If you swap any memory components, follow these steps for ESD safety:
    1. Shut down and turn off your computer.
    2. Unplug all power supplies to the computer (AC Power then battery for laptops, AC power for desktops)
    3. Hold down the power button for 30 seconds to close the circuit and ensure all power drains from components.
    4. Make sure you are grounded by using proper grounding techniques, i.e. work on an anti-static workbench, anti-static desk, or an anti-static pad. Hold something metallic while touching it to the anti-static surface, or use an anti-static wristband to attach to the anti-static material while working.

    Once these steps have been followed, it is safe to remove and replace components within your computer.



    Download and install CPU-Z and Upload screenshots of the CPU, Mainboard, Memory, and SPD tabs. In the SPD tab, upload an image of each slot.

    Also, go into your BIOS and post all Voltages (CPU, RAM, NB, IMC, etc.) and all RAM settings (timings, frequency, etc.)

    Thanks to Dave76 for help learning RAM Stability
    Last edited by writhziden; 22 Feb 2012 at 09:52. Reason: Check RAM Stability Settings
      My Computer
    Quote Quote

  6. cvmm69
    Posts : 9
    Windows 7 Home Premium 64bit
    Thread Starter
       New #14

    I ran Memtest as instructed, and ended up with over 9 million errors. The old sticks are running clear in every slot, so the new memory sticks cause this. Screencaps of CPU-Z included, and this is what I could dig out from my BIOS:

    Code:
    CPU Temp: 45'C
MB Temp: 31'C

Cpu Fan: 3534 rpm
VCORE Voltage: 1,312v
3,3v Voltage: 3,360v
5v Voltage: 4,977v
12v Voltage: 12,233v
Memory Voltage: 1,900v
    All clock and voltage settings are set to AUTO.
      My Computer
    Quote Quote

  7. writhziden
    Posts : 11,269
    Windows 7 Home Premium 64 Bit
       New #15

    Proceed to part three of that tutorial for Memtest86+. Any errors in Memtest86+ are too many, and you are getting more than your fair share. Also, make sure to use the safe ESD steps.
      My Computer
    Quote Quote

  8. cvmm69
    Posts : 9
    Windows 7 Home Premium 64bit
    Thread Starter
       New #16

    Problem solved. I tested all the sticks and all the slots, and have indefinied the cause of the problem. All slots were tested with my old sticks, and proved all fully operational. The faulting memory stick, which was stick #2, had over nine thousand errors at the very start of the test, which is enough proof to prove the stick corrupted. I'll finish the test on stick #4 and run extended stick pair tests tomorrow.

    Code:
    #######MEMTEST x86 Testing Log#######

Stick information:
Manufacturer: A-DATA
Model: ADU800B2G6-B 2GB DDR2 800mHz PC6400
Total Sticks: 4

######Individual stick testing#######

stick    slot    pass    errors
1        1       4 + 3    no
------------------------------
2        1       0         yes    
2        2       0         yes
2        3       0         yes
2        4       0         yes
------------------------------
3        1       7         no
------------------------------
4        1       1         no


#######Stick Status#######

Stick 1: 3+4=7 Passes, OK
Stick 2: 0 Passes, Failed
Stick 3: 7 Passes, OK
Stick 4: 1 Passes, OK


#######Slot Status#######

Slot 1: OK
Slot 2: OK
Slot 3: OK
Slot 4: OK
    Thanks to everyone for helping me indenify and fix these problems that have cost me over two weeks of hard work.
      My Computer
    Quote Quote

  10. writhziden
    Posts : 11,269
    Windows 7 Home Premium 64 Bit
       New #17

    Glad you finally have it narrowed down. Let us know the results and how the system responds. Best of luck!
      My Computer
    Quote Quote

 
Page 2 of 2 FirstFirst 12

  Related Discussions
I have been getting random BSODs for weeks now. There does not seem to be a rhyme or reason to it. It occurs at random, and will sometimes go to a BSOD or hang my computer to unresponsiveness. I believe i may have fixed the MSEOOBE issue (Microsoft Security Client OOBE" stopped due to the...
First time posting here, should show how desperate I am to get these issues rectified. Not really sure what is triggering these BSOD's. At first I figured it was due to bad RAM, but now the crashes seem to come in two's. Once out of no where, and then again as soon as I log into my profile. After...
Hello, I'm getting random BSODS mostly on startup and during casual browsing eg. tasks which isn't that demanding but also occasionally during gaming. I've searched around but I'm still clueless and I hope somebody is more familiar with these error codes than I am. Trying to debugg these...
I get this BSOD every 3 days or so, and when I run WhoCrashed it claims that it is related to the two files mentioned in the title which are apparently driver issues, but all of my drivers are up to date so I really don't know where to start. I don't believe that it's a problem with the memory, as...
Random BSODs - RAM related probably
in BSOD Help and Support

Hello everyone, I got long time struggle with one of my friends PC. From very first time he bought it, it started with random BSODs. I ran Mem Test and no error were found. We convinced the seller to change the motherboard but it didn't help. Last 3 weeks I have been testing lots of options:...
Our Sites
Site Links
About Us
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

 © Designer Media Ltd
All times are GMT -5. The time now is 16:28.
Find Us