BSOD ntoskrnl.exe and NTFS.sys


  1. Posts : 27
    Windows 7 Ultimate x64
    Thread Starter
       #21

    here it is


  2. Arc
    Posts : 35,373
    Microsoft Windows 10 Pro Insider Preview 64-bit
       #22

    Let us check the modules which are making the system crash.

    avast! Virtualization Driver
    Code:
    fffff880`099083f8  fffff880`03ca5efaUnable to load image \SystemRoot\System32\Drivers\aswSnx.SYS, Win32 error 0n2
    *** WARNING: Unable to verify timestamp for aswSnx.SYS
    *** ERROR: Module load completed but symbols could not be loaded for aswSnx.SYS
     aswSnx+0x6efa
    Description here: Driver Reference Table - aswSnx.SYS

    avast! Self Protection Driver
    Code:
    fffff880`099083e8  fffff880`03f3dcbcUnable to load image \SystemRoot\System32\Drivers\aswSP.SYS, Win32 error 0n2
    *** WARNING: Unable to verify timestamp for aswSP.SYS
    *** ERROR: Module load completed but symbols could not be loaded for aswSP.SYS
     aswSP+0x48cbc
    Description here: Driver Reference Table - aswSP.SYS

    Uninstall Avast using Avast Uninstall Utility. Use Microsoft Security Essentials as your antivirus with Windows inbuilt firewall, and free MBAM as the on-demand scanner.
    Download, install and update those, and then run full system scans with both of them, one by one.

    Let us know the result.
    _______________________________________________________________________________
    BSOD ANALYSIS:
    Code:
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************
    
    Use !analyze -v to get detailed debugging information.
    
    BugCheck A, {fffffa802e299010, 2, 1, fffff80003137ca6}
    
    Probably caused by : memory_corruption ( nt!MiReleaseConfirmedPageFileSpace+86 )
    
    Followup: MachineOwner
    ---------
    
    2: kd> !analyze -v
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************
    
    IRQL_NOT_LESS_OR_EQUAL (a)
    An attempt was made to access a pageable (or completely invalid) address at an
    interrupt request level (IRQL) that is too high.  This is usually
    caused by drivers using improper addresses.
    If a kernel debugger is available get the stack backtrace.
    Arguments:
    Arg1: fffffa802e299010, memory referenced
    Arg2: 0000000000000002, IRQL
    Arg3: 0000000000000001, bitfield :
        bit 0 : value 0 = read operation, 1 = write operation
        bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
    Arg4: fffff80003137ca6, address which referenced memory
    
    Debugging Details:
    ------------------
    
    
    WRITE_ADDRESS: GetPointerFromAddress: unable to read from fffff800032b2100
    GetUlongFromAddress: unable to read from fffff800032b21c0
     fffffa802e299010 Nonpaged pool
    
    CURRENT_IRQL:  2
    
    FAULTING_IP: 
    nt!MiReleaseConfirmedPageFileSpace+86
    fffff800`03137ca6 480fb328        btr     qword ptr [rax],rbp
    
    CUSTOMER_CRASH_COUNT:  1
    
    DEFAULT_BUCKET_ID:  WIN7_DRIVER_FAULT
    
    BUGCHECK_STR:  0xA
    
    PROCESS_NAME:  WerFault.exe
    
    TRAP_FRAME:  fffff88009908620 -- (.trap 0xfffff88009908620)
    NOTE: The trap frame does not contain all registers.
    Some register values may be zeroed or incorrect.
    rax=fffffa800e499010 rbx=0000000000000000 rcx=0000000000000000
    rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000
    rip=fffff80003137ca6 rsp=fffff880099087b0 rbp=00000000ff000000
     r8=fffff880099087e0  r9=fffffa80100426c0 r10=0000000000000000
    r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
    r14=0000000000000000 r15=0000000000000000
    iopl=0         nv up ei pl zr na po nc
    nt!MiReleaseConfirmedPageFileSpace+0x86:
    fffff800`03137ca6 480fb328        btr     qword ptr [rax],rbp ds:fffffa80`0e499010=0100000000000000
    Resetting default scope
    
    LAST_CONTROL_TRANSFER:  from fffff8000307a1a9 to fffff8000307ac00
    
    STACK_TEXT:  
    fffff880`099084d8 fffff800`0307a1a9 : 00000000`0000000a fffffa80`2e299010 00000000`00000002 00000000`00000001 : nt!KeBugCheckEx
    fffff880`099084e0 fffff800`03078e20 : fffff880`09908670 fffff800`03056450 fffffa80`00001000 00000000`00000000 : nt!KiBugCheckDispatch+0x69
    fffff880`09908620 fffff800`03137ca6 : fffffa80`10042a58 00000000`00000000 fffffa80`0e415920 fffff704`4000cc40 : nt!KiPageFault+0x260
    fffff880`099087b0 fffff800`030ebbda : 00000000`000000a8 fffff680`00011a00 00000000`02a98000 fffffa80`10042c60 : nt!MiReleaseConfirmedPageFileSpace+0x86
    fffff880`09908830 fffff800`030ad7d9 : 00000000`00000000 00000000`02f10fff fffffa80`00000000 fffff880`00000000 : nt! ?? ::FNODOBFM::`string'+0x34f16
    fffff880`099089f0 fffff800`033951c1 : fffffa80`0ffc0610 00000000`00000000 00000000`00000000 00000000`00000000 : nt!MiRemoveMappedView+0xd9
    fffff880`09908b10 fffff800`033955c3 : 0000007f`00000000 00000000`02340000 fffffa80`00000001 fffffa80`0f8d8010 : nt!MiUnmapViewOfSection+0x1b1
    fffff880`09908bd0 fffff800`03079e93 : 00000000`00000000 00000000`02f10808 fffffa80`100426c0 00000000`00000000 : nt!NtUnmapViewOfSection+0x5f
    fffff880`09908c20 00000000`773e15ba : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
    00000000`0023e098 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x773e15ba
    
    
    STACK_COMMAND:  kb
    
    FOLLOWUP_IP: 
    nt!MiReleaseConfirmedPageFileSpace+86
    fffff800`03137ca6 480fb328        btr     qword ptr [rax],rbp
    
    SYMBOL_STACK_INDEX:  3
    
    SYMBOL_NAME:  nt!MiReleaseConfirmedPageFileSpace+86
    
    FOLLOWUP_NAME:  MachineOwner
    
    MODULE_NAME: nt
    
    DEBUG_FLR_IMAGE_TIMESTAMP:  5147d9c6
    
    IMAGE_NAME:  memory_corruption
    
    FAILURE_BUCKET_ID:  X64_0xA_nt!MiReleaseConfirmedPageFileSpace+86
    
    BUCKET_ID:  X64_0xA_nt!MiReleaseConfirmedPageFileSpace+86
    
    Followup: MachineOwner
    ---------
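The triage done by hand in post #22 can be scripted. The Python below is an added example, not part of the thread or any poster's tooling: it parses WinDbg text, decodes the 0xA arguments using the legend that `!analyze -v` prints, and lists raw-stack hits that resolved to a module without symbols. Function names are hypothetical; the sample is an excerpt of the output quoted in that post.

```python
import re

# Excerpt of the WinDbg output quoted in post #22 (trimmed).
SAMPLE = r"""
BugCheck A, {fffffa802e299010, 2, 1, fffff80003137ca6}
fffff880`099083f8  fffff880`03ca5efaUnable to load image \SystemRoot\System32\Drivers\aswSnx.SYS, Win32 error 0n2
 aswSnx+0x6efa
fffff880`099083e8  fffff880`03f3dcbcUnable to load image \SystemRoot\System32\Drivers\aswSP.SYS, Win32 error 0n2
 aswSP+0x48cbc
fffff880`099087b0 fffff800`030ebbda : 00000000`000000a8 fffff680`00011a00 00000000`02a98000 fffffa80`10042c60 : nt!MiReleaseConfirmedPageFileSpace+0x86
"""

BUGCHECK_RE = re.compile(r"BugCheck ([0-9A-Fa-f]+), \{([^}]*)\}")
# Stack hits for images without symbols appear alone on a line: " aswSnx+0x6efa".
NOSYM_RE = re.compile(r"^\s*([A-Za-z_]\w*)\+0x([0-9a-f]+)\s*$", re.M)
IMAGE_RE = re.compile(r"Unable to load image (\S+?),")

def parse_bugcheck(text):
    """Return (code, [arg1..arg4]) as integers."""
    m = BUGCHECK_RE.search(text)
    if not m:
        raise ValueError("no BugCheck line found")
    args = [int(a.strip(), 16) for a in m.group(2).split(",")]
    return int(m.group(1), 16), args

def decode_irql_fault(args):
    """Decode bugcheck 0xA arguments per the legend in the dump."""
    referenced, irql, bits, ip = args
    return {
        "referenced": referenced,           # Arg1: memory referenced
        "irql": irql,                       # Arg2: IRQL at the time
        "operation": "write" if bits & 0x1 else "read",  # Arg3 bit 0
        "execute": bool(bits & 0x8),        # Arg3 bit 3
        "faulting_ip": ip,                  # Arg4: address which referenced memory
    }

def unsymbolized_modules(text):
    """Map module name -> image path and offsets seen on the raw stack."""
    paths = {p.rsplit("\\", 1)[-1].rsplit(".", 1)[0].lower(): p
             for p in IMAGE_RE.findall(text)}
    hits = {}
    for mod, off in NOSYM_RE.findall(text):
        hits.setdefault(mod, {"path": paths.get(mod.lower()), "offsets": []})
        hits[mod]["offsets"].append(int(off, 16))
    return hits
```

A module listed here only appeared on the stack; it is a lead to check alongside the bugcheck's own "Probably caused by" line, not a verdict.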


  3. Posts : 27
    Windows 7 Ultimate x64
    Thread Starter
       #23

    Thanks, I'll try that tonight after work.


  4. Posts : 27
    Windows 7 Ultimate x64
    Thread Starter
       #24

    Alrighty, so I uninstalled Avast, installed MS Security Essentials and ran a full scan. No problems there. Now installed Malwarebytes and am running that full scan. I'll let you know if I have any problems.


  5. Arc
    Posts : 35,373
    Microsoft Windows 10 Pro Insider Preview 64-bit
       #25

    The scans are for safety reasons, as the antivirus was failing and causing BSODs.

    Let us know how the system is running without avast.


  6. Posts : 27
    Windows 7 Ultimate x64
    Thread Starter
       #26

    Will do. You guys are awesome by the way! =)


  7. Posts : 27
    Windows 7 Ultimate x64
    Thread Starter
       #27

    the joy continues...


  8. Arc
    Posts : 35,373
    Microsoft Windows 10 Pro Insider Preview 64-bit
       #28

    Your crash dumps are not showing any finite probable cause. In such a situation, it is better to enable Driver Verifier to monitor the drivers.
    Driver Verifier - Enable and Disable
    Run Driver Verifier for 24 hours or the occurrence of the next crash, whichever is earlier.

       Information
    Why Driver Verifier:
    It puts a stress on the drivers, and so it makes the unstable drivers crash. Hopefully the driver that crashes is recorded in the memory dump.

    How can we know that DV is enabled:
    It will make the system a bit slow and laggy.

       Warning
    Before enabling DV, make sure that you have earlier System Restore points made in your computer. You can check it easily by using CCleaner, looking at Tools > System Restore.

    If there are no points, make a System Restore Point manually before enabling DV.

       Tip



    Let us know the results, with the subsequent crash dumps, if any.


  9. Posts : 27
    Windows 7 Ultimate x64
    Thread Starter
       #29

    So, been running the verifier. Have had a couple crashes. Not sure if they actually made a dump log because it just froze up into a blurry screen with the speakers buzzing. Here is the crash log anyway. Oh, and I turned off the verifier now.


  10. Arc
    Posts : 35,373
    Microsoft Windows 10 Pro Insider Preview 64-bit
       #30

    There is no new crash dump after 06/06 ..... so probably we have to wait for another incident.


 