Blue screen problem


  1. Posts : 14
    Windows 7 x64
    Thread Starter
       #11

    Yeah, I ran the upgrade advisor. I don't recall exactly what the outcome was but it must have been some kind of green light or I wouldn't have gone ahead with the upgrade. I do remember running it though.

    I've started the verifier. I expected it to crash out immediately as it has in the past but so far it hasn't. I'm a little surprised actually. I'll post the crash reports when it finally does break down.


  2. Posts : 14
    Windows 7 x64
    Thread Starter
       #12

    Guess I should have waited two more seconds before posting. Honestly, I don't think I've ever had a problem with Peerblock before. I'll keep running verifier but stay away from PB this time.


  3. Posts : 14
    Windows 7 x64
    Thread Starter
       #13

    Okay, I've had a couple of other issues happen since this last BSOD.

    I found that I was unable to send documents to my printer, so I restarted the computer while verifier was still running. Windows was unable to start, so I had to go into repair mode. After getting Windows started up I looked for a dump file but there wasn't one. I guess Windows crashed too soon for one to be created.

    At any rate, I restarted verifier and immediately after restarting I got another BSOD. I've attached the dump file. It looks as though it's pointing to the video driver again but I simply cannot find a more up to date one. Suggestions?


  4. Posts : 15,026
    Windows 10 Home 64Bit
       #14

    Update your ATI drivers.

    METHOD
    Click on Start ► Control Panel ► Programs ► Uninstall a program ► Uninstall everything related to ATI & restart the system. Delete remnants of its drivers/older drivers using Driver Fusion/Sweeper.

    Link: AMD Driver Autodetect


  5. Posts : 14
    Windows 7 x64
    Thread Starter
       #15

    Okay. I'll do it again but it just reinstalls the same driver.


  6. Posts : 1,314
    Windows 7 64-bit
       #16

    The solitary DV crash has indeed identified Peerblock as the cause. While I understand your delay for dealing with it, it should be taken care of before we can continue. At the very least update it, since it's dated Nov 2010, and then run Driver Verifier afterwards to confirm any change. Otherwise, it has to be removed. And yes, I personally have had to deal with numerous PC instabilities caused by Peerblock.


  7. Posts : 14
    Windows 7 x64
    Thread Starter
       #17

    The saga continues.

    I ran verifier for about 48 hours without Peerblock and received no BSODs. Then, a day or two after turning off verifier, I received a BSOD that produced the attached dump. I ran verifier again, as suggested by the dump itself, for another 36 hours and couldn't get another crash.

    At this point should I just be running verifier constantly? Or giving up on this laptop? It is four years old, after all.


  8. Posts : 1,314
    Windows 7 64-bit
       #18

    Uh oh. This is one of those uncommon instances where Driver Verifier alters the OS environment just enough that it's actually preventing a crash from occurring, rather than causing one. This can make analysis very difficult.

    I may be able to get the info I need from the kernel dump of this particular crash, as the mini dump just doesn't have enough. Archive the MEMORY.DMP file from your Windows directory and upload to a 3rd party site like Mirrorcreator.com.

    So far the current minidump showed involvement with the NSI proxy driver for Windows, which is the driver used to interface with client-to-server relationships for network applications. Make sure your network drivers are up-to-date and ensure that you only have one antivirus software running (no firewall software), as those can cause conflicts. I can only speculate on this as this driver may not be the culprit but just triggering the crash. Again, I might be able to learn more from a kernel dump.


  9. Posts : 14
    Windows 7 x64
    Thread Starter
       #19

    Okay, I think I got it here. It looks like it's pointing at that damn ATI driver again, but you all would know better than me.

    BayFiles


  10. Posts : 1,314
    Windows 7 64-bit
       #20

    Whoa, I can kinda see why. The driver is pre-Windows 7 RTM, dated back from May 22, 2009. I'm not sure why you have a driver so old on this system for your graphics (did you install from a CD?) but it should be updated pronto.

    The problem specifically is that the ATI driver was handling an event object incorrectly. The object name is Overdrive, which no doubt refers to ATI's Overdrive software that is used to overclock a system. I advise against using ATI Overdrive, since all overclocking should start and hopefully end inside the system's BIOS. Software overclocking can be very unstable, especially if it's with a driver and application this old. If you must monitor your GPU for temp/voltage/load, use a 3rd party application like HwInfo. If you must OC your GPU, do so through the BIOS if possible.

    Analysts:

    The crash for this kernel dump was quite clear in that a driver (atikmdag.sys; ATI driver) tried to reference a user handle as Kernel mode. Details on this check and why it's important, as well as some fundamentals behind kernel/user objects and proper handling, are explained in this powerpoint. I can clarify to the best of my ability upon request, but the general idea is that references to an object are done differently depending on the object, and if something references an object as a kernel object when it's actually a user object, it opens a can of worms (security hole, data integrity compromise, etc.).

    Code:
    0: kd> !analyze -v
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************
    
    DRIVER_VERIFIER_DETECTED_VIOLATION (c4)
    A device driver attempting to corrupt the system has been caught.  This is
    because the driver was specified in the registry as being suspect (by the
    administrator) and the kernel has enabled substantial checking of this driver.
    If the driver attempts to corrupt the system, bugchecks 0xC4, 0xC1 and 0xA will
    be among the most commonly seen crashes.
    Arguments:
    Arg1: 00000000000000f6, Referencing user handle as KernelMode.
    Arg2: 00000000000004b8, Handle value being referenced.
    Arg3: fffffa8005a844b0, Address of the current process.
    Arg4: fffff8800487fc29, Address inside the driver that is performing the incorrect reference.
    
    Debugging Details:
    ------------------
    
    TRIAGER: Could not open triage file : C:\Program Files (x86)\Windows Kits\8.0\Debuggers\x64\triage\modclass.ini, error 2
    
    BUGCHECK_STR:  0xc4_f6
    
    DEFAULT_BUCKET_ID:  WIN7_DRIVER_FAULT
    
    PROCESS_NAME:  CCC.exe
    
    CURRENT_IRQL:  0
    
    LAST_CONTROL_TRANSFER:  from fffff800035613dc to fffff800030dafc0
    
    STACK_TEXT:  
    fffff880`0759e268 fffff800`035613dc : 00000000`000000c4 00000000`000000f6 00000000`000004b8 fffffa80`05a844b0 : nt!KeBugCheckEx
    fffff880`0759e270 fffff800`03576ae4 : 00000000`000004b8 fffffa80`05a844b0 00000000`00000002 fffffa80`04443b50 : nt!VerifierBugCheckIfAppropriate+0x3c
    fffff880`0759e2b0 fffff800`0332e000 : 00000000`80000000 fffff880`0759e4e0 00000000`00000000 00000000`00000000 : nt!VfCheckUserHandle+0x1b4
    fffff880`0759e390 fffff800`033b0ed5 : fffffa80`04443b00 000007fe`000f001f 00000000`00000000 0053002b`002b0000 : nt! ?? ::NNGAKEGL::`string'+0x212de
    fffff880`0759e460 fffff800`03576878 : 00000202`0018002b fffff880`07596001 fffff980`0139ece0 fffff980`14b9eee0 : nt!ObReferenceObjectByHandle+0x25
    fffff880`0759e4b0 fffff880`0487fc29 : fffff880`0759ea54 fffffa80`04445000 00000000`00000000 00000000`1cfdb510 : nt!VerifierObReferenceObjectByHandle+0x48
    fffff880`0759e500 fffff880`048685a7 : fffff980`0164aea0 00000000`00000000 fffff880`0759e770 00000000`00000000 : atikmdag+0x31c29
    fffff880`0759e540 fffff880`04860e98 : 00000000`00000000 00000000`00000000 fffff980`01610f80 fffff880`0759ea40 : atikmdag+0x1a5a7
    fffff880`0759e730 fffff880`048613f3 : fffff880`0759e950 fffff880`044860d1 00000000`00000001 fffff880`0759e9c0 : atikmdag+0x12e98
    fffff880`0759e7f0 fffff880`044b9f50 : 00000000`00000000 00000000`00000000 fffff880`0759e950 fffff8a0`0005d000 : atikmdag+0x133f3
    fffff880`0759e840 fffff880`044ad093 : 00000000`00000000 00000000`00000000 fffff880`0759eca0 00000000`00000003 : dxgkrnl!DXGADAPTER::DdiEscape+0x50
    fffff880`0759e870 fffff960`001a0ad2 : fffff8a0`00022000 fffffa80`04443b50 00000000`1cfdb510 00000000`00000020 : dxgkrnl!DxgkEscape+0x7af
    fffff880`0759ebf0 fffff800`030da253 : 00000000`1cd05e10 fffff880`0759eca0 000007fe`ff490000 00000000`000000c0 : win32k!NtGdiDdDDIEscape+0x12
    fffff880`0759ec20 000007fe`ff4913ea : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
    00000000`1b7acd38 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x7fe`ff4913ea
    
    
    STACK_COMMAND:  kb
    
    FOLLOWUP_IP: 
    atikmdag+31c29
    fffff880`0487fc29 85c0            test    eax,eax
    
    SYMBOL_STACK_INDEX:  6
    
    SYMBOL_NAME:  atikmdag+31c29
    
    FOLLOWUP_NAME:  MachineOwner
    
    MODULE_NAME: atikmdag
    
    IMAGE_NAME:  atikmdag.sys
    
    DEBUG_FLR_IMAGE_TIMESTAMP:  4a1625b3
    
    FAILURE_BUCKET_ID:  X64_0xc4_f6_VRF_atikmdag+31c29
    
    BUCKET_ID:  X64_0xc4_f6_VRF_atikmdag+31c29
    
    Followup: MachineOwner
    ---------
    
    0: kd> lmvm atikmdag
    start             end                 module name
    fffff880`0484e000 fffff880`04dbe000   atikmdag   (no symbols)           
        Loaded symbol image file: atikmdag.sys
        Image path: \SystemRoot\system32\DRIVERS\atikmdag.sys
        Image name: atikmdag.sys
        Timestamp:        Fri May 22 00:10:27 2009 (4A1625B3)
        CheckSum:         005261B1
        ImageSize:        00570000
        File version:     8.1.1.882
        Product version:  8.1.1.882
        File flags:       8 (Mask 3F) Private
        File OS:          40004 NT Win32
        File type:        3.4 Driver
        File date:        00000000.00000000
        Translations:     0409.04b0
        CompanyName:      ATI Technologies Inc.
        ProductName:      ATI Radeon Family
        InternalName:     atikmdag.sys
        OriginalFilename: atikmdag.sys
        ProductVersion:   8.01.01.882
        FileVersion:      8.01.01.882
        FileDescription:  ATI Radeon Kernel Mode Driver
        LegalCopyright:   Copyright (C) 1998-2006 ATI Technologies Inc.
    0: kd> !handle 4b8
    
    PROCESS fffffa8005a844b0
        SessionId: 1  Cid: 1044    Peb: 7fffffda000  ParentCid: 0e1c
        DirBase: a15a3000  ObjectTable: fffff8a003399d00  HandleCount: 317.
        Image: CCC.exe
    
    Handle table at fffff8a003399d00 with 317 entries in use
    
    04b8: Object: fffffa8003848300  GrantedAccess: 001f0003 Entry: fffff8a0036782e0
    Object: fffffa8003848300  Type: (fffffa8002365a40) Event
        ObjectHeader: fffffa80038482d0 (new version)
            HandleCount: 1  PointerCount: 3
            Directory Object: fffff8a0011e3490  Name: Overdrive

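Added example (not part of the original posts): a small Python triage helper that reads `!analyze -v` and `lmvm` text like the output in post #20, confirms which loaded module owns the address in Arg4 by checking it against the module's load range, and decodes the image timestamp to a UTC build date. The function name `triage` and the trimmed sample input are assumptions made for illustration.

```python
import re
from datetime import datetime, timezone

# Constructed sample: a few lines trimmed from the debugger output quoted in this thread.
SAMPLE = """\
DRIVER_VERIFIER_DETECTED_VIOLATION (c4)
Arg1: 00000000000000f6, Referencing user handle as KernelMode.
Arg2: 00000000000004b8, Handle value being referenced.
Arg3: fffffa8005a844b0, Address of the current process.
Arg4: fffff8800487fc29, Address inside the driver that is performing the incorrect reference.
PROCESS_NAME:  CCC.exe
fffff880`0484e000 fffff880`04dbe000   atikmdag   (no symbols)
    Timestamp:        Fri May 22 00:10:27 2009 (4A1625B3)
"""

# "start end module" rows from lm/lmvm; stack rows have " : " after the second
# address, so requiring an identifier here keeps them from matching.
LM_ROW = re.compile(
    r"^\s*([0-9a-f]{8}`[0-9a-f]{8}) ([0-9a-f]{8}`[0-9a-f]{8})\s+([A-Za-z_]\w*)",
    re.M | re.I)

def triage(text):
    """Summarise a bugcheck: code, Arg1 subcode, handle, owning module+offset, build date."""
    code = re.search(r"^\s*\w+ \(([0-9a-f]+)\)\s*$", text, re.M | re.I)
    args = [int(v, 16) for v in re.findall(r"^\s*Arg\d: ([0-9a-f]+)", text, re.M | re.I)]
    if not code or len(args) != 4:
        raise ValueError("not a complete !analyze -v header")
    proc = re.search(r"PROCESS_NAME:\s+(\S+)", text)
    out = {"bugcheck": int(code.group(1), 16), "subcode": args[0],
           "handle": args[1], "process": proc.group(1) if proc else None,
           "module": None, "built_utc": None}
    # Resolve Arg4 against every listed module range instead of trusting the bucket name.
    for start, end, name in LM_ROW.findall(text):
        lo, hi = (int(a.replace("`", ""), 16) for a in (start, end))
        if lo <= args[3] < hi:
            out["module"] = f"{name}+0x{args[3] - lo:x}"
    # The hex value in parentheses is the PE header timestamp (seconds since 1970, UTC).
    ts = re.search(r"Timestamp:.*\(([0-9a-f]{8})\)", text, re.I)
    if ts:
        built = datetime.fromtimestamp(int(ts.group(1), 16), timezone.utc)
        out["built_utc"] = built.date().isoformat()
    return out

if __name__ == "__main__":
    print(triage(SAMPLE))
```

The computed offset matches the `atikmdag+0x31c29` frame in the stack text, and the decoded build date agrees with the driver age noted in the post.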


 
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.
