BSOD Dump analysis - please help

Page 1 of 2 12 LastLast

  1. Posts : 8
    windows 7 64 bit
       #1

    BSOD Dump analysis - please help


    Hi,
    I would be very grateful if a kindly guru could look at a BSOD dump for me please. Am running Win 7 Professional 64bit on an i7 system with 4Gb DDr3 RAM. No overclocking, no RAID, no Antivirus, just Windows firewall. Mainly use system to run MS FSX. BSODs have occurred randomly over last 3 months since installing W7. Dump files seem to be saved in folder C:\Dump, Have attached recent examples. Thanks in advance for any help.

    Best regards,

    Ken
      My Computer


  2. Posts : 28,845
    Win 8 Release candidate 8400
       #2

    ken pender said:
    Hi,
    I would be very grateful if a kindly guru could look at a BSOD dump for me please. Am running Win 7 Professional 64bit on an i7 system with 4Gb DDr3 RAM. No overclocking, no RAID, no Antivirus, just Windows firewall. Mainly use system to run MS FSX. BSODs have occurred randomly over last 3 months since installing W7. Dump files seem to be saved in folder C:\Dump, Have attached recent examples. Thanks in advance for any help.

    Best regards,

    Ken


    Hi Ken and welcome

    There seem to be three flavors of crashes here, They have one thing in common. they are all memory related.

    I would
    download memtestx86 and run it for at least 5 passes.
    run a system file check (sfc /scannow)

    I think the memory test will show you that one or more mem sticks are bad.

    Kenn J+
    Code:
    121209-19546-01.dmp    12/12/2009 1:31:06 PM        0x0000010e    00000000`0000001f    fffff8a0`29f7c630    00000000`00000000    00000000`000105e6    watchdog.sys    watchdog.sys+122f                    
    010410-25942-01.dmp    1/4/2010 3:21:40 PM    DRIVER_IRQL_NOT_LESS_OR_EQUAL    0x000000d1    fffff800`32c8a052    00000000`00000002    00000000`00000008    fffff800`32c8a052    ntoskrnl.exe    ntoskrnl.exe+71f00                    
    011210-22573-01.dmp    1/12/2010 2:29:04 PM    DRIVER_IRQL_NOT_LESS_OR_EQUAL    0x000000d1    fffff880`25d02240    00000000`00000002    00000000`00000000    fffff880`04caed42    wfplwf.sys    wfplwf.sys+21a22240                    
    111909-23821-01.dmp    11/19/2009 10:11:02 AM    DRIVER_IRQL_NOT_LESS_OR_EQUAL    0x000000d1    fffffa80`245a6e28    00000000`00000002    00000000`00000001    fffff880`0425ab3d    ntoskrnl.exe    ntoskrnl.exe+71f00                    
    111909-28345-01.dmp    11/19/2009 10:45:54 AM    DRIVER_IRQL_NOT_LESS_OR_EQUAL    0x000000d1    fffffa80`27bdfe28    00000000`00000002    00000000`00000001    fffff880`04205b3d    wfplwf.sys    wfplwf.sys+1418b3d                    
    112309-21028-01.dmp    11/23/2009 11:34:28 AM    DRIVER_IRQL_NOT_LESS_OR_EQUAL    0x000000d1    fffffa80`33b98a08    00000000`00000002    00000000`00000001    fffff880`044c9b3d    dxgmms1.sys    dxgmms1.sys+5b3d                    
    120409-21028-01.dmp    12/4/2009 12:26:52 PM    DRIVER_IRQL_NOT_LESS_OR_EQUAL    0x000000d1    fffffa80`270282b0    00000000`00000002    00000000`00000001    fffff880`04462aa8    mouclass.sys    mouclass.sys+4daaa8                    
    122009-22729-01.dmp    12/20/2009 3:54:06 PM    DRIVER_IRQL_NOT_LESS_OR_EQUAL    0x000000d1    fffffa80`33b370c0    00000000`00000002    00000000`00000001    fffff880`03f08e92    dxgmms1.sys    dxgmms1.sys+6e92                    
    011210-17440-01.dmp    1/12/2010 4:48:22 PM    IRQL_NOT_LESS_OR_EQUAL    0x0000000a    fffff880`209b1808    00000000`00000002    00000000`00000000    fffff800`02e8f72c    discache.sys    discache.sys+1da1d808                    
    011210-18392-01.dmp    1/12/2010 4:59:12 PM    IRQL_NOT_LESS_OR_EQUAL    0x0000000a    fffff880`23313848    00000000`00000002    00000000`00000000    fffff800`02e8f72c    ntoskrnl.exe    ntoskrnl.exe+71f00                    
    011310-19515-01.dmp    1/13/2010 5:13:10 PM    IRQL_NOT_LESS_OR_EQUAL    0x0000000a    fffff880`309b4068    00000000`00000002    00000000`00000001    fffff800`02eccdaf    serenum.sys    serenum.sys+2c30f068                    
    112309-36317-01.dmp    11/23/2009 11:20:02 AM    IRQL_NOT_LESS_OR_EQUAL    0x0000000a    fffff880`130a7948    00000000`00000002    00000000`00000001    fffff800`02a85daf    ntoskrnl.exe    ntoskrnl.exe+71f00                    
    120409-21824-01.dmp    12/4/2009 12:06:10 PM    IRQL_NOT_LESS_OR_EQUAL    0x0000000a    fffffa80`23a1c173    00000000`00000002    00000000`00000000    fffff800`02c91363    ntoskrnl.exe    ntoskrnl.exe+71f00                    
    121109-20373-01.dmp    12/11/2009 12:26:20 PM    IRQL_NOT_LESS_OR_EQUAL    0x0000000a    fffff880`13317300    00000000`0000000f    00000000`00000001    fffff800`02cbb5fd    asyncmac.sys    asyncmac.sys+9c2c300                    
    121209-15724-01.dmp    12/12/2009 6:30:30 PM    IRQL_NOT_LESS_OR_EQUAL    0x0000000a    fffff880`24425a58    00000000`00000002    00000000`00000000    fffff800`02c8322b    rasl2tp.sys    rasl2tp.sys+1f9a3a58                    
    121209-18579-01.dmp    12/12/2009 11:56:40 PM    MEMORY_MANAGEMENT    0x0000001a    00000000`00000403    fffff680`00086138    ba100000`007f9867    fffff680`20086138    ntoskrnl.exe    ntoskrnl.exe+71f00                    
    120409-17378-01.dmp    12/4/2009 11:49:14 AM    PAGE_FAULT_IN_NONPAGED_AREA    0x00000050    fffffa80`24276270    00000000`00000000    fffff880`04371ce5    00000000`00000002    serenum.sys    serenum.sys+278e750                    
    121109-23041-01.dmp    12/11/2009 11:34:50 AM    PAGE_FAULT_IN_NONPAGED_AREA    0x00000050    fffffa80`261909a0    00000000`00000001    fffff880`0431aff0    00000000`00000002    nvlddmkm.sys    nvlddmkm.sys+797c60                    
    121109-39499-01.dmp    12/11/2009 1:22:28 PM    PAGE_FAULT_IN_NONPAGED_AREA    0x00000050    fffffa80`24be8160    00000000`00000000    fffff800`02da70f3    00000000`00000002    ntoskrnl.exe    ntoskrnl.exe+71f00                    
    122009-16738-01.dmp    12/20/2009 4:17:42 PM    PAGE_FAULT_IN_NONPAGED_AREA    0x00000050    fffff8a0`31f8f980    00000000`00000001    fffff880`04001ebd    00000000`00000002    ntoskrnl.exe    ntoskrnl.exe+71f00
    Code:
    Microsoft (R) Windows Debugger Version 6.11.0001.404 X86
    Copyright (c) Microsoft Corporation. All rights reserved.
    
    
    Loading Dump File [C:\Users\K\Desktop\New folder\112309-21028-01.dmp]
    Mini Kernel Dump File: Only registers and stack trace are available
    
    Symbol search path is: SRV*d:\symbols*http://msdl.microsoft.com/download/symbols
    Executable search path is: 
    Windows 7 Kernel Version 7600 MP (8 procs) Free x64
    Product: WinNt, suite: TerminalServer SingleUserTS
    Built by: 7600.16385.amd64fre.win7_rtm.090713-1255
    Machine Name:
    Kernel base = 0xfffff800`02a0b000 PsLoadedModuleList = 0xfffff800`02c48e50
    Debug session time: Mon Nov 23 06:31:44.459 2009 (GMT-5)
    System Uptime: 0 days 0:11:57.552
    Loading Kernel Symbols
    ...............................................................
    ................................................................
    ...............................
    Loading User Symbols
    Loading unloaded module list
    .....
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************
    
    Use !analyze -v to get detailed debugging information.
    
    BugCheck D1, {fffffa8033b98a08, 2, 1, fffff880044c9b3d}
    
    Unable to load image dxgkrnl.sys, Win32 error 0n2
    *** WARNING: Unable to verify timestamp for dxgkrnl.sys
    *** ERROR: Module load completed but symbols could not be loaded for dxgkrnl.sys
    Probably caused by : dxgmms1.sys ( dxgmms1!VIDMM_GLOBAL::UnreferenceDmaBuffer+7d )
    
    Followup: MachineOwner
    ---------
    
    3: kd> !analyze -v
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************
    
    DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
    An attempt was made to access a pageable (or completely invalid) address at an
    interrupt request level (IRQL) that is too high.  This is usually
    caused by drivers using improper addresses.
    If kernel debugger is available get stack backtrace.
    Arguments:
    Arg1: fffffa8033b98a08, memory referenced
    Arg2: 0000000000000002, IRQL
    Arg3: 0000000000000001, value 0 = read operation, 1 = write operation
    Arg4: fffff880044c9b3d, address which referenced memory
    
    Debugging Details:
    ------------------
    
    
    WRITE_ADDRESS: GetPointerFromAddress: unable to read from fffff80002cb30e0
     fffffa8033b98a08 
    
    CURRENT_IRQL:  2
    
    FAULTING_IP: 
    dxgmms1!VIDMM_GLOBAL::UnreferenceDmaBuffer+7d
    fffff880`044c9b3d f0834018ff      lock add dword ptr [rax+18h],0FFFFFFFFh
    
    CUSTOMER_CRASH_COUNT:  1
    
    DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT
    
    BUGCHECK_STR:  0xD1
    
    PROCESS_NAME:  System
    
    TRAP_FRAME:  fffff88002ffd770 -- (.trap 0xfffff88002ffd770)
    NOTE: The trap frame does not contain all registers.
    Some register values may be zeroed or incorrect.
    rax=fffffa8033b989f0 rbx=0000000000000000 rcx=fffffa800462c018
    rdx=fffffa8007f3b250 rsi=0000000000000000 rdi=0000000000000000
    rip=fffff880044c9b3d rsp=fffff88002ffd900 rbp=fffffa8004464420
     r8=0000000000000003  r9=fffffa8007bf4050 r10=fffffa8005f147d0
    r11=fffff880048eed60 r12=0000000000000000 r13=0000000000000000
    r14=0000000000000000 r15=0000000000000000
    iopl=0         nv up ei ng nz na po nc
    dxgmms1!VIDMM_GLOBAL::UnreferenceDmaBuffer+0x7d:
    fffff880`044c9b3d f0834018ff      lock add dword ptr [rax+18h],0FFFFFFFFh ds:3320:fffffa80`33b98a08=????????
    Resetting default scope
    
    LAST_CONTROL_TRANSFER:  from fffff80002a7c469 to fffff80002a7cf00
    
    STACK_TEXT:  
    fffff880`02ffd628 fffff800`02a7c469 : 00000000`0000000a fffffa80`33b98a08 00000000`00000002 00000000`00000001 : nt!KeBugCheckEx
    fffff880`02ffd630 fffff800`02a7b0e0 : 00000000`00000000 fffffa80`05f21d90 00000000`00000000 fffff880`048bcaa7 : nt!KiBugCheckDispatch+0x69
    fffff880`02ffd770 fffff880`044c9b3d : 00000000`00000000 00000000`00001554 fffffa80`05f14010 fffffa80`04464420 : nt!KiPageFault+0x260
    fffff880`02ffd900 fffff880`044cd677 : 00000000`00026d52 fffffa80`05f14010 fffffa80`05f21000 fffff880`04905ace : dxgmms1!VIDMM_GLOBAL::UnreferenceDmaBuffer+0x7d
    fffff880`02ffd930 fffff880`044cce00 : fffffa80`00000000 fffffa80`04776000 00000000`00000000 00000000`00000001 : dxgmms1!VidSchiProcessDpcCompletedPacket+0x253
    fffff880`02ffd9d0 fffff880`044ccc4c : 00000000`00000000 fffffa80`05f14010 fffffa80`05544480 fffffa80`05544aa8 : dxgmms1!VidSchDdiNotifyDpcWorker+0x198
    fffff880`02ffda20 fffff880`053071cf : fffffa80`05544480 00000000`00000002 00000000`00000000 00000000`00000000 : dxgmms1!VidSchDdiNotifyDpc+0x94
    fffff880`02ffda70 fffffa80`05544480 : 00000000`00000002 00000000`00000000 00000000`00000000 00000000`00000000 : dxgkrnl+0x31cf
    fffff880`02ffda78 00000000`00000002 : 00000000`00000000 00000000`00000000 00000000`00000000 fffff880`048bc80d : 0xfffffa80`05544480
    fffff880`02ffda80 00000000`00000000 : 00000000`00000000 00000000`00000000 fffff880`048bc80d 00000000`00000000 : 0x2
    
    
    STACK_COMMAND:  kb
    
    FOLLOWUP_IP: 
    dxgmms1!VIDMM_GLOBAL::UnreferenceDmaBuffer+7d
    fffff880`044c9b3d f0834018ff      lock add dword ptr [rax+18h],0FFFFFFFFh
    
    SYMBOL_STACK_INDEX:  3
    
    SYMBOL_NAME:  dxgmms1!VIDMM_GLOBAL::UnreferenceDmaBuffer+7d
    
    FOLLOWUP_NAME:  MachineOwner
    
    MODULE_NAME: dxgmms1
    
    IMAGE_NAME:  dxgmms1.sys
    
    DEBUG_FLR_IMAGE_TIMESTAMP:  4a5bc578
    
    FAILURE_BUCKET_ID:  X64_0xD1_dxgmms1!VIDMM_GLOBAL::UnreferenceDmaBuffer+7d
    
    BUCKET_ID:  X64_0xD1_dxgmms1!VIDMM_GLOBAL::UnreferenceDmaBuffer+7d
    
    Followup: MachineOwner
    ---------
      My Computer


  3. Posts : 8
    windows 7 64 bit
    Thread Starter
       #3

    Hi Zigzag,
    Thank you so much for your welcome, your quick response and your advice. After 3 months of BSOD induced frustration I am so excited at the prospect of having a system running clean that I have cut straight to the chase and, based on your analysis, have replaced the cheap generic RAM in my system with matched branded memory. I will run a system file check as you suggest and report back, while monitoring to see if the BSODs return. Intervals between BSODs ranged from minutes to a week so it will take some time to be sure if the new memory solves the problem.

    Again, many, many thanks for your help.

    Best regards,

    Ken
      My Computer


  4. Posts : 8
    windows 7 64 bit
    Thread Starter
       #4

    Well I'm afraid it's me again. Yesterday I ran sfc/scannow as suggested by Zigzag and it ran clean, I then ran the system all day without incident and overnight I ran memtest to check the new RAM with no errors reported. This morning I started up the system, loaded MS FSX and within minutes the system froze. A copy of the dump file is attached. I would be very grateful for any further suggestions.

    Best regards,

    Ken
      My Computer


  5. Posts : 5,705
    Win7 x64 + x86
       #5

    This error points to NTFS.SYS - a component of Windows that manages the file system on your hard drive.

    Please start with these diagnostics (particularly the hard drive test):
    H/W Diagnostics:
    Please start by running these bootable hardware diagnostics:
    Memory Diagnostics (read the details at the link)
    HD Diagnostic (read the details at the link)

    Also, please run one of these free, independent online malware scans to ensure that your current protection hasn't been compromised: Malware (read the details at the link)
    Then try this:
    CHKDSK /R:
    Run CHKDSK /R from an elevated (Run as adminstrator) Command Prompt.
    When it tells you it can't do it right now - and asks you if you'd like to do it at the next reboot - answer Y (for Yes) and press Enter. Then reboot and let the test run. It may take a while for it to run, but keep an occasional eye on it to see if it generates any errors. See "CHKDSK LogFile" below in order to check the results of the test.

    Elevated Command Prompt:
    Go to Start and type in "cmd.exe" (without the quotes)
    At the top of the Search Box, right click on Cmd.exe and select "Run as administrator"

    CHKDSK LogFile:
    Go to Start and type in "eventvwr.msc" (without the quotes) and press Enter
    Expand the Windows logs heading, then select the Application log file entry.
    Double click on the Source column header.
    Scroll down the list until you find the Chkdsk entry (wininit for Win7) (winlogon for XP).
    Copy/paste the results into your next post.
    Because of the outdated drivers on the system, it's possible that the problem could be in another driver (such as the controller for the drives, another filter, or encryption software). So, Please update or remove these older drivers that were loaded at the time of the crash. Don't use Windows Update or the Update drivers function of Device Manager. Please use the following instructions to locate the most current drivers:
    How To Find Updated Drivers:
    - search Google for the name of the driver
    - compare the Google results with what's installed on your system to figure out which device/program it belongs to
    - visit the web site of the manufacturer of the hardware/program to get the latest drivers (DON'T use Windows Update or the Update driver function of Device Manager).
    - if there are difficulties in locating them, post back with questions and someone will try and help you locate the appropriate program.
    - some driver links are on this page: http://www.carrona.org/drvrdown.html

    Here's the older drivers:
    Code:
    jraid.sys    Mon Nov 03 21:20:09 2008 - JMicron RAID driver
    SaiH0255.sys Fri Feb 15 08:15:05 2008 - Saitek X52 Flight Control System(http://www.saitek.com/uk/down/drivers.php)
    snapman.sys  Fri Jul 13 06:03:12 2007 - Acronis Snapshot Manager
    tdrpman.sys  Mon Oct 29 08:29:29 2007 - Acronis Try & Decide and Restore Points Manager
    tifsfilt.sys Wed Aug 29 08:37:29 2007 - Acronis True Image File System Filter
    timntr.sys   Wed Aug 29 08:38:23 2007 - Acronis True Image Backup Archive Explorer
    truecrypt.sys Tue Jul 08 11:19:58 2008 - TrueCrypt driver
    BSOD summary:
    Code:
    Built by: 7600.16385.amd64fre.win7_rtm.090713-1255
    Debug session time: Fri Jan 15 03:51:31.140 2010 (GMT-5)
    System Uptime: 0 days 0:13:19.171
    BugCheck 50, {fffffa8026ce025c, 1, fffff8800124d80c, 2}
    Probably caused by : Ntfs.sys ( Ntfs!NtfsDecrementCloseCounts+2c )
    DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT
    PROCESS_NAME:  System
      My Computer


  6. Posts : 8
    windows 7 64 bit
    Thread Starter
       #6

    Hi Usasma,
    Many thanks for your help. I really appreciate that you have found the time to respond. I have downloaded the utilities you recommend and will run the memory and HDD tests. I will also disable/update the old drivers you identified. Before receiving your input I had already run chkdsk. Wininit file is attached. Will respond as soon as I have the other test results
      My Computer


  7. Posts : 5,705
    Win7 x64 + x86
       #7

    No problems noted with the CHKDSK.
    Will wait for the rest of the results
      My Computer


  8. Posts : 8
    windows 7 64 bit
    Thread Starter
       #8

    Hello Usasma,

    Thanks for the feedback on the CHKDSK log. Following your advice, I have run Memtest86 for 5 passes (No Errors) and have run extended testing of my WD HDD (No errors). Have also run Windows Defender (No errors) and Active Scan which found some low level risks (which I think usually means cookies or similar). I have also located the outdated drivers which you identified. I can disable these using Autoruns. Before receiving your post I also ran the Win 7 Repair program and the MS FSX Repair program (as the BSODs occurred when I was running FSX). Have been running 4 days now without a failure (I will probably get one now after writing that!). Will report back with te dump when the next BSOD occurs.

    Thanks again for your help.

    Best regards,

    Ken
      My Computer


  9. Posts : 5,705
    Win7 x64 + x86
       #9

    Thanks for the update!
    Good luck!
      My Computer


  10. Posts : 8
    windows 7 64 bit
    Thread Starter
       #10

    Hello again Usasma,

    Well I've been running BSOD-free for 10 days. Seemed too good to be true and sure enough it was! I was running MS FSX this morning and the application froze after about 30 minutes, requiring a restart. Five minutes later - BSOD! Dump file attached. Can you kindly take a look when you get time,

    Many thanks,

    Ken
      My Computer


 
Page 1 of 2 12 LastLast

  Related Discussions
Our Sites
Site Links
About Us
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 16:20.
Find Us