here it is
Let us check the modules which are making the system crash.
avast! Virtualization Driver
Description here: Driver Reference Table - aswSnx.SYS
Code:
fffff880`099083f8 fffff880`03ca5efa
Unable to load image \SystemRoot\System32\Drivers\aswSnx.SYS, Win32 error 0n2
*** WARNING: Unable to verify timestamp for aswSnx.SYS
*** ERROR: Module load completed but symbols could not be loaded for aswSnx.SYS
 aswSnx+0x6efa
avast! Self Protection Driver
Description here: Driver Reference Table - aswSP.SYS
Code:
fffff880`099083e8 fffff880`03f3dcbc
Unable to load image \SystemRoot\System32\Drivers\aswSP.SYS, Win32 error 0n2
*** WARNING: Unable to verify timestamp for aswSP.SYS
*** ERROR: Module load completed but symbols could not be loaded for aswSP.SYS
 aswSP+0x48cbc
Uninstall Avast using the Avast Uninstall Utility. Use Microsoft Security Essentials as your antivirus with the Windows built-in firewall, and free MBAM as the on-demand scanner.
Download, install and update those, and then run full system scans with both of them, one by one.
Let us know the result.
_______________________________________________________________________________
BSOD ANALYSIS:
Code:
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck A, {fffffa802e299010, 2, 1, fffff80003137ca6}

Probably caused by : memory_corruption ( nt!MiReleaseConfirmedPageFileSpace+86 )

Followup: MachineOwner
---------

2: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: fffffa802e299010, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000001, bitfield :
    bit 0 : value 0 = read operation, 1 = write operation
    bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: fffff80003137ca6, address which referenced memory

Debugging Details:
------------------

WRITE_ADDRESS: GetPointerFromAddress: unable to read from fffff800032b2100
GetUlongFromAddress: unable to read from fffff800032b21c0
 fffffa802e299010 Nonpaged pool

CURRENT_IRQL: 2

FAULTING_IP:
nt!MiReleaseConfirmedPageFileSpace+86
fffff800`03137ca6 480fb328 btr qword ptr [rax],rbp

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: WIN7_DRIVER_FAULT

BUGCHECK_STR: 0xA

PROCESS_NAME: WerFault.exe

TRAP_FRAME: fffff88009908620 -- (.trap 0xfffff88009908620)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=fffffa800e499010 rbx=0000000000000000 rcx=0000000000000000
rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000
rip=fffff80003137ca6 rsp=fffff880099087b0 rbp=00000000ff000000
 r8=fffff880099087e0  r9=fffffa80100426c0 r10=0000000000000000
r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl zr na po nc
nt!MiReleaseConfirmedPageFileSpace+0x86:
fffff800`03137ca6 480fb328 btr qword ptr [rax],rbp ds:fffffa80`0e499010=0100000000000000
Resetting default scope

LAST_CONTROL_TRANSFER: from fffff8000307a1a9 to fffff8000307ac00

STACK_TEXT:
fffff880`099084d8 fffff800`0307a1a9 : 00000000`0000000a fffffa80`2e299010 00000000`00000002 00000000`00000001 : nt!KeBugCheckEx
fffff880`099084e0 fffff800`03078e20 : fffff880`09908670 fffff800`03056450 fffffa80`00001000 00000000`00000000 : nt!KiBugCheckDispatch+0x69
fffff880`09908620 fffff800`03137ca6 : fffffa80`10042a58 00000000`00000000 fffffa80`0e415920 fffff704`4000cc40 : nt!KiPageFault+0x260
fffff880`099087b0 fffff800`030ebbda : 00000000`000000a8 fffff680`00011a00 00000000`02a98000 fffffa80`10042c60 : nt!MiReleaseConfirmedPageFileSpace+0x86
fffff880`09908830 fffff800`030ad7d9 : 00000000`00000000 00000000`02f10fff fffffa80`00000000 fffff880`00000000 : nt! ?? ::FNODOBFM::`string'+0x34f16
fffff880`099089f0 fffff800`033951c1 : fffffa80`0ffc0610 00000000`00000000 00000000`00000000 00000000`00000000 : nt!MiRemoveMappedView+0xd9
fffff880`09908b10 fffff800`033955c3 : 0000007f`00000000 00000000`02340000 fffffa80`00000001 fffffa80`0f8d8010 : nt!MiUnmapViewOfSection+0x1b1
fffff880`09908bd0 fffff800`03079e93 : 00000000`00000000 00000000`02f10808 fffffa80`100426c0 00000000`00000000 : nt!NtUnmapViewOfSection+0x5f
fffff880`09908c20 00000000`773e15ba : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`0023e098 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x773e15ba

STACK_COMMAND: kb

FOLLOWUP_IP:
nt!MiReleaseConfirmedPageFileSpace+86
fffff800`03137ca6 480fb328 btr qword ptr [rax],rbp

SYMBOL_STACK_INDEX: 3

SYMBOL_NAME: nt!MiReleaseConfirmedPageFileSpace+86

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: nt

DEBUG_FLR_IMAGE_TIMESTAMP: 5147d9c6

IMAGE_NAME: memory_corruption

FAILURE_BUCKET_ID: X64_0xA_nt!MiReleaseConfirmedPageFileSpace+86

BUCKET_ID: X64_0xA_nt!MiReleaseConfirmedPageFileSpace+86

Followup: MachineOwner
---------
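Added example, not part of the original posts: a small Python triage helper that decodes the four arguments of the IRQL_NOT_LESS_OR_EQUAL (0xA) bugcheck shown above and lists the non-kernel modules named in stack entries. The function names, the `KERNEL_MODULES` set and the sample text (assembled from values in this thread) are assumptions of the example.

```python
import re

# Constructed sample: values copied from the analysis in this thread,
# laid out one stack entry per line.
SAMPLE = """\
BugCheck A, {fffffa802e299010, 2, 1, fffff80003137ca6}
fffff880`099083f8  fffff880`03ca5efa aswSnx+0x6efa
fffff880`099083e8  fffff880`03f3dcbc aswSP+0x48cbc
fffff880`099087b0  fffff800`030ebbda nt!MiReleaseConfirmedPageFileSpace+0x86
"""

BUGCHECK_RE = re.compile(r"BugCheck ([0-9A-Fa-f]+), \{([^}]*)\}")
# Matches "module+0xoff" (no symbols loaded) and "module!Symbol+0xoff".
FRAME_RE = re.compile(r"\b([A-Za-z_]\w*)(?:!\S+?)?\+0x[0-9A-Fa-f]+")
IRQL_NAMES = {0: "PASSIVE_LEVEL", 1: "APC_LEVEL", 2: "DISPATCH_LEVEL"}
KERNEL_MODULES = {"nt", "hal"}  # assumption: modules treated as OS core


def decode_bugcheck_a(text):
    """Decode the 0xA arguments using the bitfield layout quoted above."""
    m = BUGCHECK_RE.search(text)
    if m is None or int(m.group(1), 16) != 0xA:
        raise ValueError("no 0xA bugcheck line found")
    args = [int(a.strip(), 16) for a in m.group(2).split(",")]
    if len(args) != 4:
        raise ValueError("expected four bugcheck arguments")
    address, irql, access, ip = args
    if access & 0x8:          # bit 3: execute operation
        operation = "execute"
    else:                     # bit 0: 0 = read, 1 = write
        operation = "write" if access & 0x1 else "read"
    return {
        "address": address,
        "irql": irql,
        "irql_name": IRQL_NAMES.get(irql, "device or higher"),
        "operation": operation,
        "faulting_ip": ip,
    }


def third_party_modules(text):
    """Return modules seen in stack entries that are not OS core, in order."""
    seen = []
    for module in FRAME_RE.findall(text):
        if module.lower() not in KERNEL_MODULES and module not in seen:
            seen.append(module)
    return seen
```
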
Thanks, I'll try that tonight after work.
Alrighty, so I uninstalled Avast, installed MS Security Essentials and ran a full scan. No problems there. Now I've installed Malwarebytes and am running that full scan. I'll let you know if I have any problems.
The scans are for safety reasons, as the antivirus was failing and causing BSODs.
Let us know how the system is running without avast.
will do. you guys are awesome by the way! =)
Your crash dumps are not showing any finite probable cause. In such a situation, it is better to enable Driver Verifier to monitor the drivers.
Driver Verifier - Enable and Disable
Run Driver Verifier for 24 hours or the occurrence of the next crash, whichever is earlier.
Information
Why Driver Verifier:
It puts stress on the drivers, and so it makes the unstable drivers crash. Hopefully the driver that crashes is recorded in the memory dump.
How can we know that DV is enabled:
It will make the system a bit slow and laggy.
Warning
Before enabling DV, make sure that you have earlier System Restore points made on your computer. You can check it easily by using CCleaner and looking at Tools > System Restore.
If there are no points, make a System Restore point manually before enabling DV.
Let us know the results, with the subsequent crash dumps, if any.
Tip
- If you fail to get to the Desktop because of DV, boot into Advanced Boot Options > Safe mode. Disable DV there. Now boot normally again, and try following the instructions for enabling DV again.
- If you cannot boot into Safe mode either, do a System Restore to a point you made earlier.
So, I've been running the verifier. I have had a couple of crashes. Not sure if they actually made a dump log, because it just froze up into a blurry screen with the speakers buzzing. Here is the crash log anyway. Oh, and I turned off the verifier now.
There is no new crash dump after 06/06, so probably we have to wait for another incident.