ntoskrnl.exe/DRIVER_POWER_STATE_FAILURE and MEMORY_MANAGEMENT Bsod

[jbucko]

I have been having many memory BSOD and also crashes while computer is asleep. I have Run Memory test and the memory is good. I have narrowed my problems down to a driver using whocrashed. I just dont know which one. If someone could help debug my mini dumb. If you could explain to me what is going on with my PC that would be great i am hear to learn. Thanks

 

[koolkat77]

Welcome

Your dumps do not give a specific error so we'll start with driver verifier

Its required to rule out buggy drivers.

Verifier puts extreme stress on the drivers, bad ones will cause BSOD. If we change all those drivers we hope for no more BSODs, If you get no BSODs, then its not a driver and we look to hardware.

• http://www.sevenforums.com/tutorials/101379-driver-verifier-enable-disable.html

Information
Driver Verifier runs in the background, "testing" drivers for bugs. If it finds one, a Blue Screen of Death (BSOD) will result; the corresponding dump file will hopefully show the faulty driver.

Driver Verifier monitors kernel-mode drivers and graphics drivers to detect illegal function calls or actions that might corrupt the system. It can subject the drivers to a variety of stresses and tests to find improper behavior.

Continue to use your system normally, and if you know what causes the crash, do that repeatedly. The objective here is to get the system to crash because Driver Verifier is stressing the drivers out. If it doesn't crash for you, then let it run for at least 36 hours of continuous operation.

 

[jbucko]

so i did the launch Drver verifier in the sevenforums diagnostics tool and rebooted the computer. after loging back in it only took 1 min and i had a bsod. I had to reboot in safe mode to shut the drver verifier off.

This is what Whocrashed said


On Fri 9/14/2012 12:58:01 PM GMT your computer crashed
crash dump file: C:\Windows\Minidump\091412-75644-01.dmp
This was probably caused by the following module: mfehidk.sys (mfehidk+0x57D67)
Bugcheck code: 0x24 (0x1904FB, 0xFFFFF8800ED35C38, 0xFFFFF8800ED35490, 0xFFFFF880011B2D67)
Error: NTFS_FILE_SYSTEM
file path: C:\Windows\system32\drivers\mfehidk.sys
product: SYSCORE
company: McAfee, Inc.
description: McAfee Link Driver
Bug check description: This indicates a problem occurred in the NTFS file system.
A third party driver was identified as the probable root cause of this system error. It is suggested you look for an update for the following driver: mfehidk.sys (McAfee Link Driver, McAfee, Inc.).
Google query: mfehidk.sys McAfee, Inc. NTFS_FILE_SYSTEM

On Fri 9/14/2012 12:58:01 PM GMT your computer crashed
crash dump file: C:\Windows\memory.dmp
This was probably caused by the following module: mfehidk.sys (mfehidk+0x57D67)
Bugcheck code: 0x24 (0x1904FB, 0xFFFFF8800ED35C38, 0xFFFFF8800ED35490, 0xFFFFF880011B2D67)
Error: NTFS_FILE_SYSTEM
file path: C:\Windows\system32\drivers\mfehidk.sys
product: SYSCORE
company: McAfee, Inc.
description: McAfee Link Driver
Bug check description: This indicates a problem occurred in the NTFS file system.
A third party driver was identified as the probable root cause of this system error. It is suggested you look for an update for the following driver: mfehidk.sys (McAfee Link Driver, McAfee, Inc.).
Google query: mfehidk.sys McAfee, Inc. NTFS_FILE_SYSTEM


So this bsod was a different on than the ones i have been getting lately. i still uploaded the ZIP from the diagnostics tool. Do you think that it was the Mcafee that was causing the other errors? Or is this a separte issue? becasue it is normally ntoskrnl.exe causing the BSOD not mfehidk.sys.

 

[koolkat77]

Yes please uninstall McAffee and replace with Microsoft Security essentials
McAfee alone is a known cause to bsods.

How to uninstall or reinstall supported McAfee consumer products using the
McAfee Consumer Products Removal tool (MCPR.exe) http://www.microsoft.com/security_essentials/

:ar: Microsoft Security Essentials - Free Antivirus for Windows

I'm taking a look at your dumps and get back to you with what I find.

 

[koolkat77]

Yup its McAfee that's causing the bsods.

Driver Reference Table

Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Users\Yusra\Downloads\jbuck\SF_14-09-2012\091412-75644-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*C:\SymCache*http://msdl.microsoft.com/download/symbols
Executable search path is: 
Windows 7 Kernel Version 7601 (Service Pack 1) MP (6 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 7601.17835.amd64fre.win7sp1_gdr.120503-2030
Machine Name:
Kernel base = 0xfffff800`03e4f000 PsLoadedModuleList = 0xfffff800`04093670
Debug session time: Fri Sep 14 18:58:01.000 2012 (UTC + 6:00)
System Uptime: 0 days 0:11:15.186
Loading Kernel Symbols
.

Press ctrl-c (cdb, kd, ntsd) or ctrl-break (windbg) to abort symbol loads that take too long.
Run !sym noisy before .reload to track down problems loading symbols.

..............................................................
................................................................
..................................................
Loading User Symbols
Loading unloaded module list
......
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

[COLOR="Red"]BugCheck 24[/COLOR], {1904fb, fffff8800ed35c38, fffff8800ed35490, fffff880011b2d67}

Unable to load image \SystemRoot\system32\drivers\mfehidk.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for mfehidk.sys
*** ERROR: Module load completed but symbols could not be loaded for mfehidk.sys
Probably caused by : [COLOR="red"]mfehidk.sys ( mfehidk+57d67 )[/COLOR]

Followup: MachineOwner
---------

2: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

[COLOR="red"]NTFS_FILE_SYSTEM (24)[/COLOR]
    If you see NtfsExceptionFilter on the stack then the 2nd and 3rd
    parameters are the exception record and context record. Do a .cxr
    on the 3rd parameter and then kb to obtain a more informative stack
    trace.
Arguments:
Arg1: 00000000001904fb
Arg2: fffff8800ed35c38
Arg3: fffff8800ed35490
Arg4: fffff880011b2d67

Debugging Details:
------------------


EXCEPTION_RECORD:  fffff8800ed35c38 -- (.exr 0xfffff8800ed35c38)
ExceptionAddress: fffff880011b2d67 (mfehidk+0x0000000000057d67)
   ExceptionCode: c0000005 (Access violation)
  ExceptionFlags: 00000000
NumberParameters: 2
   Parameter[0]: 0000000000000000
   Parameter[1]: 0000000000000010
Attempt to read from address 0000000000000010

CONTEXT:  fffff8800ed35490 -- (.cxr 0xfffff8800ed35490)
rax=0000000000000147 rbx=fffff9807d984f10 rcx=0000000000000010
rdx=0000000000000007 rsi=fffff8800ed35f00 rdi=fffff9800203cec0
rip=fffff880011b2d67 rsp=fffff8800ed35e70 rbp=0000000000000000
 r8=000000000000005d  r9=fffff880011f07a8 r10=fffff8800ed35f30
r11=0000000000000007 r12=0000000000000001 r13=0000000000000000
r14=0000000000000050 r15=0000000000000000
iopl=0         nv up ei pl nz na pe nc
cs=0010  ss=0018  ds=002b  es=002b  fs=0053  gs=002b             efl=00010202
mfehidk+0x57d67:
fffff880`011b2d67 488b01          mov     rax,qword ptr [rcx] ds:002b:00000000`00000010=????????????????
Resetting default scope

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  NULL_CLASS_PTR_DEREFERENCE

PROCESS_NAME:  McSvHost.exe

CURRENT_IRQL:  0

ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.

EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.

EXCEPTION_PARAMETER1:  0000000000000000

EXCEPTION_PARAMETER2:  0000000000000010

READ_ADDRESS: GetPointerFromAddress: unable to read from fffff800040fd100
 0000000000000010 

FOLLOWUP_IP: 
mfehidk+57d67
fffff880`011b2d67 488b01          mov     rax,qword ptr [rcx]

FAULTING_IP: 
mfehidk+57d67
fffff880`011b2d67 488b01          mov     rax,qword ptr [rcx]

BUGCHECK_STR:  0x24

LAST_CONTROL_TRANSFER:  from fffff9807d984f10 to fffff880011b2d67

STACK_TEXT:  
fffff880`0ed35e70 fffff980`7d984f10 : fffff880`0ed35f00 fffff980`0203cec0 00000000`00000001 fffff980`7d984eb0 : mfehidk+0x57d67
fffff880`0ed35e78 fffff880`0ed35f00 : fffff980`0203cec0 00000000`00000001 fffff980`7d984eb0 fffff880`00c196ce : 0xfffff980`7d984f10
fffff880`0ed35e80 fffff980`0203cec0 : 00000000`00000001 fffff980`7d984eb0 fffff880`00c196ce fffff980`7d868ef8 : 0xfffff880`0ed35f00
fffff880`0ed35e88 00000000`00000001 : fffff980`7d984eb0 fffff880`00c196ce fffff980`7d868ef8 00000000`00000001 : 0xfffff980`0203cec0
fffff880`0ed35e90 fffff980`7d984eb0 : fffff880`00c196ce fffff980`7d868ef8 00000000`00000001 fffff880`0ed35ff8 : 0x1
fffff880`0ed35e98 fffff880`00c196ce : fffff980`7d868ef8 00000000`00000001 fffff880`0ed35ff8 fffffa80`0ccdc5f0 : 0xfffff980`7d984eb0
fffff880`0ed35ea0 fffff880`011b0e48 : fffff980`7d868ed0 00000000`00000001 fffff880`0ed35ff8 fffff980`02078bc0 : fltmgr!DoFreeContext+0x7e
fffff880`0ed35ed0 fffff980`7d868ed0 : 00000000`00000001 fffff880`0ed35ff8 fffff980`02078bc0 fffff980`7d868ed0 : mfehidk+0x55e48
fffff880`0ed35ed8 00000000`00000001 : fffff880`0ed35ff8 fffff980`02078bc0 fffff980`7d868ed0 fffff880`011b261d : 0xfffff980`7d868ed0
fffff880`0ed35ee0 fffff880`0ed35ff8 : fffff980`02078bc0 fffff980`7d868ed0 fffff880`011b261d fffff980`7d868ed0 : 0x1
fffff880`0ed35ee8 fffff980`02078bc0 : fffff980`7d868ed0 fffff880`011b261d fffff980`7d868ed0 fffff880`0ed35ff8 : 0xfffff880`0ed35ff8
fffff880`0ed35ef0 fffff980`7d868ed0 : fffff880`011b261d fffff980`7d868ed0 fffff880`0ed35ff8 00000000`00000000 : 0xfffff980`02078bc0
fffff880`0ed35ef8 fffff880`011b261d : fffff980`7d868ed0 fffff880`0ed35ff8 00000000`00000000 fffff800`03f87df3 : 0xfffff980`7d868ed0
fffff880`0ed35f00 fffff980`7d868ed0 : fffff880`0ed35ff8 00000000`00000000 fffff800`03f87df3 fffff980`7dbdac60 : mfehidk+0x5761d
fffff880`0ed35f08 fffff880`0ed35ff8 : 00000000`00000000 fffff800`03f87df3 fffff980`7dbdac60 fffff880`00c4a9cb : 0xfffff980`7d868ed0
fffff880`0ed35f10 00000000`00000000 : fffff800`03f87df3 fffff980`7dbdac60 fffff880`00c4a9cb 00000000`00000000 : 0xfffff880`0ed35ff8


SYMBOL_STACK_INDEX:  0

SYMBOL_NAME:  mfehidk+57d67

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: mfehidk

IMAGE_NAME:  mfehidk.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  4f399e6e

STACK_COMMAND:  .cxr 0xfffff8800ed35490 ; kb

FAILURE_BUCKET_ID:  X64_0x24_VRF_mfehidk+57d67

BUCKET_ID:  X64_0x24_VRF_mfehidk+57d67

Followup: MachineOwner
---------

2: kd> lmvm mfehidk
start             end                 module name
fffff880`0115b000 fffff880`011f6600   mfehidk  T (no symbols)           
    Loaded symbol image file: mfehidk.sys
    Image path: \SystemRoot\system32\drivers\mfehidk.sys
    Image name: [COLOR="Red"]mfehidk.sys[/COLOR]
    Timestamp:        Tue Feb 14 05:36:14 2012 (4F399E6E)
    CheckSum:         000ADB1F
    ImageSize:        0009B600
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4

Microsoft Security Essentials is known as the most compatible (+free) antivirus for windows 7. Many members on our forum recommend it.

Let us know if you're getting more bsods.

 

[jbucko]

Thanks. I only installed mcafee because the military gives it to me for free. I was a Mac user that went to windows and did not know much about anti-virus. I will do what u recommended thanks.

 

[koolkat77]

Thanks
If you have more bsods, upload them here.

 

[jbucko]

It crashed again here are the dumps. and here is what whocrashed said


On Sun 9/16/2012 2:33:52 AM GMT your computer crashed
crash dump file: C:\Windows\Minidump\091512-12714-01.dmp
This was probably caused by the following module: ntoskrnl.exe (nt+0x7F1C0)
Bugcheck code: 0x1A (0x41790, 0xFFFFFA800982F050, 0xFFFF, 0x0)
Error: MEMORY_MANAGEMENT
file path: C:\Windows\system32\ntoskrnl.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NT Kernel & System
Bug check description: This indicates that a severe memory management error occurred.
This might be a case of memory corruption. More often memory corruption happens because of software errors in buggy drivers, not because of faulty RAM modules.
The crash took place in the Windows kernel. Possibly this problem is caused by another driver which cannot be identified at this time.


i was surfing the internet with chrome i just crashed any help would be great.

 

[koolkat77]

Dump of 15-09-12 shows mfehidk.sys (McAfee)
Do you still have it installed?

 

[jbucko]

no i dont do u think that the drivers did not uninstall all the way??

 

[koolkat77]

Probably
See if this helps How to uninstall or reinstall supported McAfee products using the Consumer Products Removal tool (MCPR)

 

[jbucko]

ok so i did the removal tool and then went back to normal use of the computer and i got a BSOD. this one is one i have never seen before though.


On Sun 9/16/2012 4:13:19 AM GMT your computer crashed
crash dump file: C:\Windows\Minidump\091512-13026-01.dmp
This was probably caused by the following module: win32k.sys (win32k+0xC6282)
Bugcheck code: 0x19 (0x3, 0xFFFFF900C4E1FA40, 0xFFFFF900C4E1FA40, 0xFFFFF900C4E1FA50)
Error: BAD_POOL_HEADER
file path: C:\Windows\system32\win32k.sys
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: Multi-User Win32 Driver
Bug check description: This indicates that a pool header is corrupt.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem. This might be a case of memory corruption. More often memory corruption happens because of software errors in buggy drivers, not because of faulty RAM modules.
The crash took place in a standard Microsoft module. Your system configuration may be incorrect. Possibly this problem is caused by another driver on your system which cannot be identified at this time.

 

[koolkat77]

There's no dump

 

[jbucko]

13026 is the one that i never got before and 12792 is the one that i got when tryin to upload the dump file

 

[koolkat77]

Hmm
Dumps don't give the accurate information but from the bug checks and their usual causes:

STOP 0x0000001A: MEMORY_MANAGEMENT BSOD Index

Usual causes: Device driver, memory, kernel

STOP 0x00000019: BAD_POOL_HEADER BSOD Index

Usual causes: Device driver

Before I tell you to test your memory and so on lets enable driver verifier to rule out buggy drivers.

Verifier puts extreme stress on the drivers, bad ones will cause BSOD. If we change all those drivers we hope for no more BSODs, If you get no BSODs, then its not a driver and we look to hardware. With verifier on your computer may be a little laggy, but actually..its just doing its work.

• http://www.sevenforums.com/tutorials/101379-driver-verifier-enable-disable.html

Information
Driver Verifier runs in the background, "testing" drivers for bugs. If it finds one, a Blue Screen of Death (BSOD) will result; the corresponding dump file will hopefully show the faulty driver.

Driver Verifier monitors kernel-mode drivers and graphics drivers to detect illegal function calls or actions that might corrupt the system. It can subject the drivers to a variety of stresses and tests to find improper behavior.

Continue to use your system normally, and if you know what causes the crash, do that repeatedly. The objective here is to get the system to crash because Driver Verifier is stressing the drivers out. If it doesn't crash for you, then let it run for at least 36 hours of continuous operation.

 

[jbucko]

ok so i am trying to select all the nonmicrosoft drivers and there is none and i dont know the location to find them to add them to the list. last time i ran the driver verifier i just made it do all of the drivers.

 

[Arc]

Let us see the screenshots of the verifier window, showing the steps you followed as per the tutorial Driver Verifier - Enable and Disable.

 

[jbucko]

just got this.

 

[jbucko]

Let us see the screenshots of the verifier window, showing the steps you followed as per the tutorial Driver Verifier - Enable and Disable.

i was opening the verifier through the diagnostic tool. it works now, didnt think it made a difference thanks. Restarting the computer hoping for a BSOD.

 

[Arc]

Well, this is Gigabyte Easy Saver - mobo power utility driver.

......
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

[COLOR=Red][B]BugCheck C1[/B][/COLOR], {fffff9807caceff0, fffff9807caceffc, 69000c, 24}

Unable to load image \??\C:\Windows\gdrv.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for gdrv.sys
*** ERROR: Module load completed but symbols could not be loaded for gdrv.sys
[COLOR=Red][B]Probably caused by : gdrv.sys[/B][/COLOR] ( gdrv+30c7 )

Let us see how old the driver is:

0: kd> lmvm gdrv
start             end                 module name
fffff880`0c30e000 fffff880`0c317000   gdrv     T (no symbols)           
    Loaded symbol image file: gdrv.sys
    Image path: \??\C:\Windows\gdrv.sys
    [B]Image name: gdrv.sys
    Timestamp:        [COLOR=Red]Fri Mar 13 08:52:29 2009[/COLOR][/B] (49B9D175)
    CheckSum:         000105CE
    ImageSize:        00009000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4

Very old, undoubtedly.

Go to the manufacturer's website, update the driver, and report us back.

And, disable the driver verifier for the time being. If it crashes again, we may suggest you to enable it again.