BSOD (the usual) + DBG info.


  1. Posts : 3
    Windows 7
       #1

    BSOD (the usual) + DBG info.


    I have been trying to fix this for weeks, i finally managed to get some Debugging information, i get the BSOD all of the time, every time the error code is different, so expect me back again

    Code:
    Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64
    Copyright (c) Microsoft Corporation. All rights reserved.
    
    
    Loading Dump File [C:\Windows\Minidump\072410-22448-01.dmp]
    Mini Kernel Dump File: Only registers and stack trace are available
    
    Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
    Executable search path is: 
    Windows 7 Kernel Version 7600 MP (2 procs) Free x64
    Product: WinNt, suite: TerminalServer SingleUserTS
    Built by: 7600.16539.amd64fre.win7_gdr.100226-1909
    Machine Name:
    Kernel base = 0xfffff800`03008000 PsLoadedModuleList = 0xfffff800`03245e50
    Debug session time: Sat Jul 24 05:16:07.339 2010 (UTC - 4:00)
    System Uptime: 3 days 1:46:10.744
    Loading Kernel Symbols
    ...............................................................
    ................................................................
    ...........................
    Loading User Symbols
    Loading unloaded module list
    .............
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************
    
    Use !analyze -v to get detailed debugging information.
    
    BugCheck A, {fffff86b057b2fff, 2, 1, fffff8000307e803}
    
    Probably caused by : ntkrnlmp.exe ( nt!SwapContext_PatchXSave+0 )
    
    Followup: MachineOwner
    ---------
    
    0: kd> !analyze -v
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************
    
    IRQL_NOT_LESS_OR_EQUAL (a)
    An attempt was made to access a pageable (or completely invalid) address at an
    interrupt request level (IRQL) that is too high.  This is usually
    caused by drivers using improper addresses.
    If a kernel debugger is available get the stack backtrace.
    Arguments:
    Arg1: fffff86b057b2fff, memory referenced
    Arg2: 0000000000000002, IRQL
    Arg3: 0000000000000001, bitfield :
        bit 0 : value 0 = read operation, 1 = write operation
        bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
    Arg4: fffff8000307e803, address which referenced memory
    
    Debugging Details:
    ------------------
    
    
    WRITE_ADDRESS: GetPointerFromAddress: unable to read from fffff800032b00e0
     fffff86b057b2fff 
    
    CURRENT_IRQL:  2
    
    FAULTING_IP: 
    nt!SwapContext_PatchXSave+0
    fffff800`0307e803 0fae01          fxsave  [rcx]
    
    CUSTOMER_CRASH_COUNT:  1
    
    DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT
    
    BUGCHECK_STR:  0xA
    
    PROCESS_NAME:  System
    
    TRAP_FRAME:  fffff880057b1e40 -- (.trap 0xfffff880057b1e40)
    NOTE: The trap frame does not contain all registers.
    Some register values may be zeroed or incorrect.
    rax=0000000000000001 rbx=0000000000000000 rcx=fffff86b057b2e00
    rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000
    rip=fffff8000307e803 rsp=fffff880057b1fd0 rbp=fffff86b057b2db0
     r8=fffffa80026fa450  r9=0000000000000000 r10=fffff800031f2e80
    r11=fffffa800320bc00 r12=0000000000000000 r13=0000000000000000
    r14=0000000000000000 r15=0000000000000000
    iopl=0         nv up ei pl nz na pe nc
    nt!SwapContext_PatchXSave:
    fffff800`0307e803 0fae01          fxsave  [rcx]    ds:ecc0:fffff86b`057b2e00=??
    Resetting default scope
    
    LAST_CONTROL_TRANSFER:  from fffff80003077b69 to fffff80003078600
    
    STACK_TEXT:  
    fffff880`057b1cf8 fffff800`03077b69 : 00000000`0000000a fffff86b`057b2fff 00000000`00000002 00000000`00000001 : nt!KeBugCheckEx
    fffff880`057b1d00 fffff800`030767e0 : 00000000`00000000 fffff800`031f2e80 00000000`00040001 00000000`00000002 : nt!KiBugCheckDispatch+0x69
    fffff880`057b1e40 fffff800`0307e803 : fffffa80`00000001 00000000`00000000 fffff880`00000001 fffff880`057b20a0 : nt!KiPageFault+0x260
    fffff880`057b1fd0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!SwapContext_PatchXSave
    
    
    STACK_COMMAND:  kb
    
    FOLLOWUP_IP: 
    nt!SwapContext_PatchXSave+0
    fffff800`0307e803 0fae01          fxsave  [rcx]
    
    SYMBOL_STACK_INDEX:  3
    
    SYMBOL_NAME:  nt!SwapContext_PatchXSave+0
    
    FOLLOWUP_NAME:  MachineOwner
    
    MODULE_NAME: nt
    
    IMAGE_NAME:  ntkrnlmp.exe
    
    DEBUG_FLR_IMAGE_TIMESTAMP:  4b88cfeb
    
    FAILURE_BUCKET_ID:  X64_0xA_nt!SwapContext_PatchXSave+0
    
    BUCKET_ID:  X64_0xA_nt!SwapContext_PatchXSave+0
    
    Followup: MachineOwner
    ---------
    That is what i got. I attached my minidump file.
      My Computer


  2. Posts : 28,845
    Win 8 Release candidate 8400
       #2

    Lehsyrus said:
    I have been trying to fix this for weeks, i finally managed to get some Debugging information, i get the BSOD all of the time, every time the error code is different, so expect me back again

    Code:
    Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64
    Copyright (c) Microsoft Corporation. All rights reserved.
    
    
    Loading Dump File [C:\Windows\Minidump\072410-22448-01.dmp]
    Mini Kernel Dump File: Only registers and stack trace are available
    
    Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
    Executable search path is: 
    Windows 7 Kernel Version 7600 MP (2 procs) Free x64
    Product: WinNt, suite: TerminalServer SingleUserTS
    Built by: 7600.16539.amd64fre.win7_gdr.100226-1909
    Machine Name:
    Kernel base = 0xfffff800`03008000 PsLoadedModuleList = 0xfffff800`03245e50
    Debug session time: Sat Jul 24 05:16:07.339 2010 (UTC - 4:00)
    System Uptime: 3 days 1:46:10.744
    Loading Kernel Symbols
    ...............................................................
    ................................................................
    ...........................
    Loading User Symbols
    Loading unloaded module list
    .............
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************
    
    Use !analyze -v to get detailed debugging information.
    
    BugCheck A, {fffff86b057b2fff, 2, 1, fffff8000307e803}
    
    Probably caused by : ntkrnlmp.exe ( nt!SwapContext_PatchXSave+0 )
    
    Followup: MachineOwner
    ---------
    
    0: kd> !analyze -v
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************
    
    IRQL_NOT_LESS_OR_EQUAL (a)
    An attempt was made to access a pageable (or completely invalid) address at an
    interrupt request level (IRQL) that is too high.  This is usually
    caused by drivers using improper addresses.
    If a kernel debugger is available get the stack backtrace.
    Arguments:
    Arg1: fffff86b057b2fff, memory referenced
    Arg2: 0000000000000002, IRQL
    Arg3: 0000000000000001, bitfield :
        bit 0 : value 0 = read operation, 1 = write operation
        bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
    Arg4: fffff8000307e803, address which referenced memory
    
    Debugging Details:
    ------------------
    
    
    WRITE_ADDRESS: GetPointerFromAddress: unable to read from fffff800032b00e0
     fffff86b057b2fff 
    
    CURRENT_IRQL:  2
    
    FAULTING_IP: 
    nt!SwapContext_PatchXSave+0
    fffff800`0307e803 0fae01          fxsave  [rcx]
    
    CUSTOMER_CRASH_COUNT:  1
    
    DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT
    
    BUGCHECK_STR:  0xA
    
    PROCESS_NAME:  System
    
    TRAP_FRAME:  fffff880057b1e40 -- (.trap 0xfffff880057b1e40)
    NOTE: The trap frame does not contain all registers.
    Some register values may be zeroed or incorrect.
    rax=0000000000000001 rbx=0000000000000000 rcx=fffff86b057b2e00
    rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000
    rip=fffff8000307e803 rsp=fffff880057b1fd0 rbp=fffff86b057b2db0
     r8=fffffa80026fa450  r9=0000000000000000 r10=fffff800031f2e80
    r11=fffffa800320bc00 r12=0000000000000000 r13=0000000000000000
    r14=0000000000000000 r15=0000000000000000
    iopl=0         nv up ei pl nz na pe nc
    nt!SwapContext_PatchXSave:
    fffff800`0307e803 0fae01          fxsave  [rcx]    ds:ecc0:fffff86b`057b2e00=??
    Resetting default scope
    
    LAST_CONTROL_TRANSFER:  from fffff80003077b69 to fffff80003078600
    
    STACK_TEXT:  
    fffff880`057b1cf8 fffff800`03077b69 : 00000000`0000000a fffff86b`057b2fff 00000000`00000002 00000000`00000001 : nt!KeBugCheckEx
    fffff880`057b1d00 fffff800`030767e0 : 00000000`00000000 fffff800`031f2e80 00000000`00040001 00000000`00000002 : nt!KiBugCheckDispatch+0x69
    fffff880`057b1e40 fffff800`0307e803 : fffffa80`00000001 00000000`00000000 fffff880`00000001 fffff880`057b20a0 : nt!KiPageFault+0x260
    fffff880`057b1fd0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!SwapContext_PatchXSave
    
    
    STACK_COMMAND:  kb
    
    FOLLOWUP_IP: 
    nt!SwapContext_PatchXSave+0
    fffff800`0307e803 0fae01          fxsave  [rcx]
    
    SYMBOL_STACK_INDEX:  3
    
    SYMBOL_NAME:  nt!SwapContext_PatchXSave+0
    
    FOLLOWUP_NAME:  MachineOwner
    
    MODULE_NAME: nt
    
    IMAGE_NAME:  ntkrnlmp.exe
    
    DEBUG_FLR_IMAGE_TIMESTAMP:  4b88cfeb
    
    FAILURE_BUCKET_ID:  X64_0xA_nt!SwapContext_PatchXSave+0
    
    BUCKET_ID:  X64_0xA_nt!SwapContext_PatchXSave+0
    
    Followup: MachineOwner
    ---------
    That is what i got. I attached my minidump file.

    This dmp does seem to point to ntkrnlmp but it rarely at fault. Usually it is just the debugger pointing to a file, any file. Do you have any other DMP files that we can examine?

    If not we can start getting more aggressive with it.

    Ken
      My Computer


  3. Posts : 1,360
    win7 ultimate / virtual box
       #3

    from the debugger results this crash could very well be caused by old drivers and you have a few which are from 2008 and the middle of 2009
    speedfan.sys fffff880`017df000 fffff880`017e6000 0x00007000 0x45168798 24/09/2006 14:26:48
    PxHlpa64.sys fffff880`00fbf000 fffff880`00fcad00 0x0000bd00 0x47d88a39 13/03/2008 02:58:17
    sensorsview32_64.sys fffff880`03494000 fffff880`0349b000 0x00007000 0x488b26c1 26/07/2008 14:29:37
    adfs.SYS fffff880`03471000 fffff880`03489000 0x00018000 0x490f2b4e 03/11/2008 17:48:14
    AtiPcie.sys fffff880`017f8000 fffff880`01800000 0x00008000 0x4a005486 05/05/2009 16:00:22
    speedfan.sys for now just uninstall ?
    PxHlpa64.sys could belong to any of the following programs and needs removing ?
    RecordNow!
    ESSSONIC
    Sonic RecordNow!/Sonic_PrimoSDK
    Dell Media Experience
    Pioneer RecordNow DX
    Sonic MyDVD/RecordNow!/RecordNow DX/MyDVD Plus/PrimoSDK
    Microsoft Plus! Digital Media/Digital Image Suite
    Corel Photo Album
    HP RecordNow/DigitalMedia Archive
    IBM RecordNow!
    Roxio Easy Media Creator/RecordNow Copy/Drag-to-Disc/Creator Basic v/Media Manager/CinePlayer
    Adobe Photoshop Lightroom
    Yahoo! Music Jukebox or Roxio
    Napster Burn Engine
    1CLICK DivxToDVD
    OLYMPUS muvee theaterPack
    by Sonic Solutions (Sonic Solutions - DVD Burning - DVD Decoder - DVD & Video Editing Software) or VERITAS Software, Inc (Data Center Optimization: Datacenter Management Software, Data Center Software, Data Center Solutions | Symantec).

    sensorsview32_64.sys likely belongs to sensor view pro ? and maybe you should temporarily remove it for debugging purposes ?

    adfs.SYS is an older adobe file but i have never seen evidence it causes bluescreen crashes ?
    AtiPcie.sys is part of your gfx card drivers and i am confident there is a newer version for your card released in 2010 ?

    I also suggest you go to your motherboard manufacturers website and check you have the latest bios ?

    let us know how it goes
      My Computer


  4. Posts : 3
    Windows 7
    Thread Starter
       #4

    Well, i had an in depth thing written here, and then firefox decided it was going back a page, let me try that again.


    I am uninstalling Sensor View Pro and Speedfan, neither of which worked that well anyways.

    When i first started getting the BSOD's i first thought to update everything considering the computer was still fairly new (custom built gaming rig i'll give specs below).
    I have Award Software International BIOS, which was f8 and i flashed it to f12 so that is updated fine. Though finding the update took a work filled week, as Awards website tries to scam you into buying driver scanning software, i went to my motherboards website and found it.
    I have installed the fully updated Catalyst suite for my Radeon HD 4600 graphics card just a week ago.
    As for PxHlpa64.sys, i do not have any of those programs, but i will keep searching for anything that i have that may use it. If i find anything or if i don't i will post back here.

    I have an attachment below of my computer specs as said by Everest Home Edition. It is in an HTML format so it's easier to read, just in case it may help you guys help me out.


    And ZigZag, i am all for getting aggressive with this. It's pissing me off that my gaming rig that i built can't play games for too long without BSOD'ing. If i could i would go back to XP, but i lost my installation disc. So i am willing to do whatever it takes to fix this.
      My Computer


  5. Posts : 1,598
    Microsoft Window 7 Professional 32 bit
       #5

    PxHlpa64.sys is Sonic CD/DVD driver (used by many different CD/DVD programs)
    If you not sure what programs you uses, simply try this:
    Go to C:\Windows\System32\drivers and rename PxHlpa64.sys to PxHlpa64.BAK
    This will break your CD/DVD program, but can easily be renamed after we've finished.
      My Computer


  6. Posts : 13,354
    Windows 7 Professional x64
       #6
      My Computer


  7. Posts : 3
    Windows 7
    Thread Starter
       #7

    I can't run the Driver Verifier today as i have some work to finish before i risk it, but i will start it tomorrow and post all of my information back here as soon as possible. Thanks for the help so far everyone!
      My Computer


 

  Related Discussions
Our Sites
Site Links
About Us
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 11:36.
Find Us