Bsod errors included minidump files..

[WardenGr]

Hello from greece! Since i am new to the forum, i would like to greet you all!
I am experienced enough at computers meaning i got 6 years of experience, either working at tech shops or just fixing computers at my home for friends and family.
I've never met something like this before and i am quite unhappy about it, because this comp cost me a load of money i worked for.
Before 2 weeks, i had several problems when my pc without notice, blue screen or anything, started to reboot at random times. Note that i didnt have a blue screen nor any dump files. So i did a fresh install of windows 7 64bit(home prm).
And everything seemed fine for a couple of hours. Now i am getting this ntfs.sys and ntoskrnl.exe errors outa nowhere... (using Bluescreen viewer.)
I would realy appretiate it if someone could help me fix this!
the dump files are these.

Looking forward for an answer.
Dimitris.

 

[WardenGr]

i am uploading soon 2 more dump files(just crashed) and the health status...

 

[WardenGr]

Just uploaded! Please take a look!
system speccs
windows 7 home premium 64bit CPU Intel Core i7 950 @3.07ghz Motherboard Gigabyte Ud5 Memory ddr3 6gb @1333 Graphics Card(s) Ati Sapphire hd rahdeon 5770 vapor-x

 

[writhziden]

Problematic Software:

ascservice.exe	c:\program files (x86)\iobit\advanced systemcare 5\ascservice.exe	760	13	200	1380	21/3/2012 7:09 μμ	5.0.0.39	892,34 KB (913.752 bytes)	18/3/2012 11:32 μμ
asctray.exe	c:\program files (x86)\iobit\advanced systemcare 5\asctray.exe	2468	8	200	1380	21/3/2012 7:09 μμ	5.2.0.257	560,84 KB (574.296 bytes)	18/3/2012 11:32 μμ

Many of us on the forums actually do not recommend automated optimization tools for Windows 7. Windows 7 does a much better job of handling its own optimization than its predecessors did. We especially do not recommend registry cleaning as an "optimization" step because automated registry cleaning causes more harm to the registry than it actually repairs.

In the future, if you need help optimizing Windows 7, please post a thread in Performance & Maintenance - Windows 7 Forums or follow the tutorial enclosed in that forum to http://www.sevenforums.com/tutorial...ws-7-a.html?filter[2]=Performance Maintenance.


Remove:

ssscheduler.exe	c:\program files (x86)\mcafee security scan\2.0.181\ssscheduler.exe	2620	8	200	1380	21/3/2012 7:09 μμ	2.0.181.0	249,55 KB (255.536 bytes)	15/1/2010 2:49 μμ

Security Software: ????

Microsoft Security Essentials - Free Antivirus for Windows​

http://www.sevenforums.com/system-s...-system-security-combination.html#post1732627​

Possible out of date drivers:

RTKVHD64	fffff880`08e14000	fffff880`08f7df80	Thu Jul 24 04:05:39 2008 (488853f3)	0016db24		RTKVHD64.sys
gdrv	fffff880`09a9b000	fffff880`09aa4000	Fri Aug 08 12:28:54 2008 (489c9066)	00009d45		gdrv.sys
jraid	fffff880`00dd3000	fffff880`00dee000	Mon Nov 03 19:20:09 2008 (490fb159)	0001ef62		jraid.sys
Rt64win7	fffff880`07d72000	fffff880`07da4000	Thu Feb 26 02:04:13 2009 (49a65b0d)	000361a5		Rt64win7.sys

RTKVHD64.sys
gdrv.sys
jraid.sys
Rt64win7.sys
Update the above drivers. If you cannot find an update to the Gigabyte Easy Saver - mobo power utility, remove the software. When the power utility is out of date, it is known to cause crashes.

[list=1]
[*]Loading Dump File [D:\Kingston\BSODDmpFiles\WardenGr\Windows_NT6_BSOD_jcgriff2\032112-16161-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*C:\SymCache*http://msdl.microsoft.com/download/symbols
Executable search path is: 
Windows 7 Kernel Version 7600 MP (8 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 7600.16841.amd64fre.win7_gdr.110622-1503
Machine Name:
Kernel base = 0xfffff800`02e1f000 PsLoadedModuleList = 0xfffff800`0305ce70
Debug session time: Wed Mar 21 11:03:46.958 2012 (UTC - 6:00)
System Uptime: 0 days 0:03:51.004
Loading Kernel Symbols
...............................................................
................................................................
................
Loading User Symbols
Loading unloaded module list
....
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 1A, {41284, 3a4d001, 0, fffff70001080000}

Probably caused by : ntkrnlmp.exe ( nt! ?? ::FNODOBFM::`string'+4a13 )

Followup: MachineOwner
---------

6: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

MEMORY_MANAGEMENT (1a)
    # Any other values for parameter 1 must be individually examined.
Arguments:
Arg1: 0000000000041284, A PTE or the working set list is corrupt.
Arg2: 0000000003a4d001
Arg3: 0000000000000000
Arg4: fffff70001080000

Debugging Details:
------------------


BUGCHECK_STR:  0x1a_41284

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

PROCESS_NAME:  firefox.exe

CURRENT_IRQL:  0

LAST_CONTROL_TRANSFER:  from fffff80002ee42e3 to fffff80002e8f5c0

STACK_TEXT:  
fffff880`0b885978 fffff800`02ee42e3 : 00000000`0000001a 00000000`00041284 00000000`03a4d001 00000000`00000000 : nt!KeBugCheckEx
fffff880`0b885980 fffff800`02ec1aaa : cd600001`0db09025 fffffa80`05145c20 fffff880`0b885a40 fffffa80`078ffd80 : nt! ?? ::FNODOBFM::`string'+0x4a13
fffff880`0b8859c0 fffff800`02e5db7e : fffffa80`0837d490 fffff880`0112b711 00000000`00000001 cd600001`0db09025 : nt!MiGetPageProtection+0xaa
fffff880`0b885a00 fffff800`02e5d81a : fffffa80`05145c20 fffffa80`07d2e060 fffffa80`07d2e060 00000000`03a4d000 : nt!MiQueryAddressState+0x2ae
fffff880`0b885a50 fffff800`031738f8 : 00000000`00000002 00000000`03a4e000 fffffa80`05145c20 00000000`032ff970 : nt!MiQueryAddressSpan+0xaa
fffff880`0b885ac0 fffff800`02e8e813 : ffffffff`ffffffff fffffa80`07984b60 00000000`00000000 00000000`0270e758 : nt!NtQueryVirtualMemory+0x386
fffff880`0b885bb0 00000000`7733f8ea : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`0270e738 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x7733f8ea


STACK_COMMAND:  kb

FOLLOWUP_IP: 
nt! ?? ::FNODOBFM::`string'+4a13
fffff800`02ee42e3 cc              int     3

SYMBOL_STACK_INDEX:  1

SYMBOL_NAME:  nt! ?? ::FNODOBFM::`string'+4a13

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: nt

IMAGE_NAME:  ntkrnlmp.exe

DEBUG_FLR_IMAGE_TIMESTAMP:  4e02aa44

FAILURE_BUCKET_ID:  X64_0x1a_41284_nt!_??_::FNODOBFM::_string_+4a13

BUCKET_ID:  X64_0x1a_41284_nt!_??_::FNODOBFM::_string_+4a13

Followup: MachineOwner
---------
[*]
Loading Dump File [D:\Kingston\BSODDmpFiles\WardenGr\Windows_NT6_BSOD_jcgriff2\032112-24944-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*C:\SymCache*http://msdl.microsoft.com/download/symbols
Executable search path is: 
Windows 7 Kernel Version 7600 MP (8 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 7600.16841.amd64fre.win7_gdr.110622-1503
Machine Name:
Kernel base = 0xfffff800`02e4d000 PsLoadedModuleList = 0xfffff800`0308ae70
Debug session time: Wed Mar 21 10:20:41.219 2012 (UTC - 6:00)
System Uptime: 0 days 0:03:15.265
Loading Kernel Symbols
...............................................................
................................................................
..................
Loading User Symbols
Loading unloaded module list
....
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 50, {fffffa8019c42c50, 0, fffff80002ee773b, 2}


Could not read faulting driver name
Probably caused by : memory_corruption ( nt!MmUnmapViewInSystemCache+1cc )

Followup: MachineOwner
---------

4: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

PAGE_FAULT_IN_NONPAGED_AREA (50)
Invalid system memory was referenced.  This cannot be protected by try-except,
it must be protected by a Probe.  Typically the address is just plain bad or it
is pointing at freed memory.
Arguments:
Arg1: fffffa8019c42c50, memory referenced.
Arg2: 0000000000000000, value 0 = read operation, 1 = write operation.
Arg3: fffff80002ee773b, If non-zero, the instruction address which referenced the bad memory
	address.
Arg4: 0000000000000002, (reserved)

Debugging Details:
------------------


Could not read faulting driver name

READ_ADDRESS: GetPointerFromAddress: unable to read from fffff800030f50e0
 fffffa8019c42c50 

FAULTING_IP: 
nt!MmUnmapViewInSystemCache+1cc
fffff800`02ee773b 8b5d00          mov     ebx,dword ptr [rbp]

MM_INTERNAL_CODE:  2

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

BUGCHECK_STR:  0x50

PROCESS_NAME:  System

CURRENT_IRQL:  0

TRAP_FRAME:  fffff88003345870 -- (.trap 0xfffff88003345870)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000058000000000 rbx=0000000000000000 rcx=0000000fffffffff
rdx=0000000000000002 rsi=0000000000000000 rdi=0000000000000000
rip=fffff80002ee773b rsp=fffff88003345a00 rbp=fffffa8019c42c50
 r8=fffff780c0000000  r9=fffff98016817000 r10=fffffa800851b790
r11=fffff80003049e00 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0         nv up ei ng nz na po cy
nt!MmUnmapViewInSystemCache+0x1cc:
fffff800`02ee773b 8b5d00          mov     ebx,dword ptr [rbp] ss:fffffa80`19c42c50=????????
Resetting default scope

LAST_CONTROL_TRANSFER:  from fffff80002f3c7d2 to fffff80002ebd5c0

STACK_TEXT:  
fffff880`03345708 fffff800`02f3c7d2 : 00000000`00000050 fffffa80`19c42c50 00000000`00000000 fffff880`03345870 : nt!KeBugCheckEx
fffff880`03345710 fffff800`02ebb6ae : 00000000`00000000 fffff980`16816008 00000038`00000000 00000000`00000001 : nt! ?? ::FNODOBFM::`string'+0x40d80
fffff880`03345870 fffff800`02ee773b : 00000000`00001d64 fffffa80`01ae5420 fffff880`03345b40 fffff880`03345b40 : nt!KiPageFault+0x16e
fffff880`03345a00 fffff800`031d103d : fffff980`16817000 fffff8a0`09470af0 00000000`00000001 00000000`00000001 : nt!MmUnmapViewInSystemCache+0x1cc
fffff880`03345ce0 fffff800`02ed63b7 : 00000000`000c0000 fffffa80`04ee7de0 00000000`00000000 00000000`00100000 : nt!CcUnmapVacb+0x5d
fffff880`03345d20 fffff800`02edc205 : 00000000`00000001 00000000`00100000 fffffa80`050b7910 00000000`00000001 : nt!CcUnmapVacbArray+0x1b7
fffff880`03345db0 fffff800`031c0672 : 00000000`00100000 00000000`00100000 fffff880`03345f08 fffff880`03345f00 : nt!CcGetVirtualAddress+0x2c5
fffff880`03345e40 fffff880`012ae7cb : 00000000`00000000 fffffa80`04f35b60 fffff880`033462f8 00000000`0000000f : nt!CcMapData+0xd2
fffff880`03345f00 fffff880`01223a34 : 00000000`00100000 fffff880`033460d0 00000000`00100000 fffff880`01227b69 : Ntfs!NtfsMapStream+0x5b
fffff880`03345f40 fffff880`0122773c : fffff880`03346390 fffff8a0`094b0ac0 00000000`206c644d 00000000`00000000 : Ntfs!NtfsLockFileRange+0xa4
fffff880`03345fd0 fffff880`0122da12 : fffff880`03346390 fffffa80`081e6800 fffffa80`05d0e180 fffff8a0`094b0ac0 : Ntfs!NtfsNonCachedIo+0x91a
fffff880`033461a0 fffff880`01232413 : fffff880`03346390 fffffa80`081e6800 fffff880`03346500 fffff880`03346501 : Ntfs!NtfsCommonWrite+0x872
fffff880`03346360 fffff880`0110e23f : fffffa80`081e6ba0 fffffa80`081e6800 fffffa80`054b9a30 00000000`00000000 : Ntfs!NtfsFsdWrite+0x1c3
fffff880`033465e0 fffff880`0110c6df : fffffa80`05e6c900 fffffa80`0851b790 fffffa80`05e6c900 fffffa80`081e6800 : fltmgr!FltpLegacyProcessingAfterPreCallbacksCompleted+0x24f
fffff880`03346670 fffff800`02eac1bf : fffffa80`081e6800 fffff880`03346c58 fffffa80`07e13010 00000000`00000000 : fltmgr!FltpDispatch+0xcf
fffff880`033466d0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!IoSynchronousPageWrite+0x24f


STACK_COMMAND:  kb

FOLLOWUP_IP: 
nt!MmUnmapViewInSystemCache+1cc
fffff800`02ee773b 8b5d00          mov     ebx,dword ptr [rbp]

SYMBOL_STACK_INDEX:  3

SYMBOL_NAME:  nt!MmUnmapViewInSystemCache+1cc

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: nt

DEBUG_FLR_IMAGE_TIMESTAMP:  4e02aa44

IMAGE_NAME:  memory_corruption

FAILURE_BUCKET_ID:  X64_0x50_nt!MmUnmapViewInSystemCache+1cc

BUCKET_ID:  X64_0x50_nt!MmUnmapViewInSystemCache+1cc

Followup: MachineOwner
---------


[/list]

1. Possible causes are Memory problems... Drivers...
2. Possible causes are Memory problems... Drivers... Hard disk errors... system file corruption... Missing Windows Updates... Other possible causes include Antivirus Software... Graphics card memory problems... BIOS...

Thanks to Dave76 for help understanding possible causes.


We will start with the common problems first (see bold possible causes). Do the following steps and test by doing your normal routine after each step to see if stability increases (the memory tests you can run concurrently as they will not increase stability unless you are forced to move modules around). Post back your results after each step, and if you get a blue screen crash, upload the files again and await further instructions after we are able to analyze the crash.

If you can do your normal routine for a few weeks without a crash, and your crashes are usually more frequent than that, then the problem is likely solved.

• If you are overclocking any hardware, please stop.
  
  
• Run Disk Check with both boxes checked for all HDDs and with Automatically fix file system errors checked for all SSDs. Post back your logs for the checks after finding them using http://www.sevenforums.com/tutorials/96938-check-disk-chkdsk-read-event-viewer-log.html.
  For any drives that do not give the message:
  Windows has checked the file system and found no problems
  run disk check again as above. In other words, if it says:
  Windows has made corrections to the file system
  after running the disk check, run the disk check again.
  
  
• Run http://www.sevenforums.com/tutorials/1538-sfc-scannow-command-system-file-checker.html up to three times to fix all errors with a restart in between each. Post back if it continues to show errors after a fourth run or if the first run comes back with no integrity violations.
  
  
  
• Install all Windows Updates.
  
  
  
• Run the boot version of Memtest86+ paying close attention to Parts 2 and 3 of the tutorial. Also, in case Memtest86+ misses anything and comes up with no errors, run the extended version of the Windows Memory Diagnostics Tool for at least five passes. These you may want to run overnight since they take a long time to complete (run them an hour before bed each of the next two nights and check before going to sleep that they are still running).
  
  If you swap any memory components, follow these steps for ESD safety:
  1. Shut down and turn off your computer.
  2. Unplug all power supplies to the computer (AC Power then battery for laptops, AC power for desktops)
  3. Hold down the power button for 30 seconds to close the circuit and ensure all power drains from components.
  4. Make sure you are grounded by using proper grounding techniques, i.e. work on an anti-static workbench, anti-static desk, or an anti-static pad. Hold something metallic while touching it to the anti-static surface, or use an anti-static wristband to attach to the anti-static material while working.
  Once these steps have been followed, it is safe to remove and replace components within your computer.
  
  
• An underlying driver may be incompatible\conflicting with your system. Run Driver Verifier to find any issues. To run Driver Verifier, do the following:
  
  a. Backup your system and user files
  b. Create a system restore point
  c. If you do not have a Windows 7 DVD, Create a system repair disc
  d. In Windows 7:

  • Click the Start Menu
  • Type verifier in Search programs and files (do not hit enter)
  • Right click verifier and click Run as administrator
  • Put a tick in Create custom settings (for code developers) and click next
  • Put a tick in Select individual settings from a full list and click next
  • Set up the individual settings as in the image and click next
    View attachment 203914
  • Put a tick in Select driver names from a list
  • Put a tick next to all non-Microsoft drivers.
  • Click Finish.
  • Restart your computer.

  
  If Windows cannot start in normal mode with driver verifier running, start in safe mode. If it cannot start in safe mode or normal mode, restore the system restore point using http://www.sevenforums.com/tutorials/700-system-restore.html OPTION TWO.
  
  Thanks to zigzag3143 for contributing to the Verifier steps.
  If you are unable to start Windows with all drivers being verified or if the blue screen crashes fail to create .dmp files, run them in groups of 5 or 10 until you find a group that causes blue screen crashes and stores the blue screen .dmp files.​
  The idea with Verifier is to cause the system to crash, so do the things you normally do that cause crashes. After you have a few crashes, upload the crash reports for us to take a look and try to find patterns.

 

[WardenGr]

This answer was quite helpful! I updated the drivers, and done the disc check! Since yesterday i havent experienced any crashes. ill complete the tasks above and if i get a new crash ill contact you! About the system security, everything was ok the last 2 years with asc, thought ill follow your suggestion and disable registry scans! Mcfee is off the grid by now(it was installed with a driver recovery disc i had since i bought my hardware as freeware).
Thank you very much!

 

[writhziden]

You're welcome.

If the system is responding well, there is currently no reason to run Verifier. I would recommend holding off on that step and seeing how the system does for a few days.

 

[WardenGr]

Hello, some days after my last post, i recieve a couple more bsod.
So i decided not to bother you and did a format+fresh install...
Now i am still experiencing Blue screens. Mostly at startup but not only.
I did the checks and here are the files.
I pretty frustated. I wish you can help me!
my guess is its either:
Drivers(because i had trouble updating some.)
Graphics card(crashed while game)
Ram( i did run memtest 6 passes no error (who knows, it might didnt spit out)
The most furstating thing is that i am sick with fever.

 

[writhziden]

Sorry that you have a fever.


You do not have security software installed. Please see my first post for good, free options.

[list=1][*]
Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [D:\Kingston\BSODDmpFiles\WardenGr\Windows_NT6_BSOD_jcgriff2\032912-36769-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*C:\SymCache*http://msdl.microsoft.com/download/symbols
Executable search path is: 
Windows 7 Kernel Version 7601 (Service Pack 1) MP (8 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 7601.17727.amd64fre.win7sp1_gdr.111118-2330
Machine Name:
Kernel base = 0xfffff800`02e53000 PsLoadedModuleList = 0xfffff800`03097650
Debug session time: Thu Mar 29 09:27:01.506 2012 (UTC - 6:00)
System Uptime: 0 days 0:12:19.396
Loading Kernel Symbols
...............................................................
................................................................
............
Loading User Symbols
Loading unloaded module list
...............
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 24, {1904fb, fffff8800b4fd978, fffff8800b4fd1d0, fffff88001257ac9}

Probably caused by : Ntfs.sys ( Ntfs!NtfsCleanupIrpContext+239 )

Followup: MachineOwner
---------

7: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

NTFS_FILE_SYSTEM (24)
    If you see NtfsExceptionFilter on the stack then the 2nd and 3rd
    parameters are the exception record and context record. Do a .cxr
    on the 3rd parameter and then kb to obtain a more informative stack
    trace.
Arguments:
Arg1: 00000000001904fb
Arg2: fffff8800b4fd978
Arg3: fffff8800b4fd1d0
Arg4: fffff88001257ac9

Debugging Details:
------------------


EXCEPTION_RECORD:  fffff8800b4fd978 -- (.exr 0xfffff8800b4fd978)
ExceptionAddress: fffff88001257ac9 (Ntfs!NtfsCleanupIrpContext+0x0000000000000239)
   ExceptionCode: c0000005 (Access violation)
  ExceptionFlags: 00000000
NumberParameters: 2
   Parameter[0]: 0000000000000000
   Parameter[1]: 0000000800000000
Attempt to read from address 0000000800000000

CONTEXT:  fffff8800b4fd1d0 -- (.cxr 0xfffff8800b4fd1d0)
rax=fffff8800b4fde28 rbx=fffff8800b4fddd0 rcx=fffff8800b4fddd0
rdx=0000000000000001 rsi=fffffa80059b9a00 rdi=0000000800000000
rip=fffff88001257ac9 rsp=fffff8800b4fdbb0 rbp=fffff8800b4fdf30
 r8=0000000000000000  r9=0000000000000000 r10=ffffffffffffff7f
r11=fffff8800b4fdd30 r12=0000000000000001 r13=0000000000000702
r14=0000000800000001 r15=0000000000000000
iopl=0         nv up ei pl nz na po nc
cs=0010  ss=0018  ds=002b  es=002b  fs=0053  gs=002b             efl=00010206
Ntfs!NtfsCleanupIrpContext+0x239:
fffff880`01257ac9 6644392f        cmp     word ptr [rdi],r13w ds:002b:00000008`00000000=????
Resetting default scope

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

PROCESS_NAME:  CCC.exe

CURRENT_IRQL:  0

ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.

EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.

EXCEPTION_PARAMETER1:  0000000000000000

EXCEPTION_PARAMETER2:  0000000800000000

READ_ADDRESS: GetPointerFromAddress: unable to read from fffff80003101100
 0000000800000000 

FOLLOWUP_IP: 
Ntfs!NtfsCleanupIrpContext+239
fffff880`01257ac9 6644392f        cmp     word ptr [rdi],r13w

FAULTING_IP: 
Ntfs!NtfsCleanupIrpContext+239
fffff880`01257ac9 6644392f        cmp     word ptr [rdi],r13w

BUGCHECK_STR:  0x24

LAST_CONTROL_TRANSFER:  from fffff880012563a0 to fffff88001257ac9

STACK_TEXT:  
fffff880`0b4fdbb0 fffff880`012563a0 : fffff880`0b4fddd0 00000000`00000001 fffff880`0b4fdf30 fffffa80`059b9a00 : Ntfs!NtfsCleanupIrpContext+0x239
fffff880`0b4fdc00 fffff880`01256a68 : fffff880`0b4fddd0 fffffa80`059b9a00 fffff880`0b4fdf01 fffffa80`05a81601 : Ntfs!NtfsCommonRead+0x1b74
fffff880`0b4fdda0 fffff880`01059bcf : fffffa80`059b9da0 fffffa80`059b9a00 fffffa80`05a816a0 00000000`00000000 : Ntfs!NtfsFsdRead+0x1b8
fffff880`0b4fdfb0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : fltmgr!FltpLegacyProcessingAfterPreCallbacksCompleted+0x24f


SYMBOL_STACK_INDEX:  0

SYMBOL_NAME:  Ntfs!NtfsCleanupIrpContext+239

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: Ntfs

IMAGE_NAME:  Ntfs.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  4d79997b

STACK_COMMAND:  .cxr 0xfffff8800b4fd1d0 ; kb

FAILURE_BUCKET_ID:  X64_0x24_Ntfs!NtfsCleanupIrpContext+239

BUCKET_ID:  X64_0x24_Ntfs!NtfsCleanupIrpContext+239

Followup: MachineOwner
---------
[*]
Loading Dump File [D:\Kingston\BSODDmpFiles\WardenGr\Windows_NT6_BSOD_jcgriff2\032912-18548-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*C:\SymCache*http://msdl.microsoft.com/download/symbols
Executable search path is: 
Windows 7 Kernel Version 7601 (Service Pack 1) MP (8 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 7601.17727.amd64fre.win7sp1_gdr.111118-2330
Machine Name:
Kernel base = 0xfffff800`02e5e000 PsLoadedModuleList = 0xfffff800`030a2650
Debug session time: Thu Mar 29 09:14:09.637 2012 (UTC - 6:00)
System Uptime: 0 days 0:00:54.432
Loading Kernel Symbols
...............................................................
................................................................
...........
Loading User Symbols
Loading unloaded module list
....
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 50, {fffff908c0000840, 0, fffff9600014604f, 5}


Could not read faulting driver name
Probably caused by : win32k.sys ( win32k!XEPALOBJ::vUnrefPalette+f )

Followup: MachineOwner
---------

2: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

PAGE_FAULT_IN_NONPAGED_AREA (50)
Invalid system memory was referenced.  This cannot be protected by try-except,
it must be protected by a Probe.  Typically the address is just plain bad or it
is pointing at freed memory.
Arguments:
Arg1: fffff908c0000840, memory referenced.
Arg2: 0000000000000000, value 0 = read operation, 1 = write operation.
Arg3: fffff9600014604f, If non-zero, the instruction address which referenced the bad memory
	address.
Arg4: 0000000000000005, (reserved)

Debugging Details:
------------------


Could not read faulting driver name

READ_ADDRESS: GetPointerFromAddress: unable to read from fffff8000310c100
 fffff908c0000840 

FAULTING_IP: 
win32k!XEPALOBJ::vUnrefPalette+f
fffff960`0014604f 488b08          mov     rcx,qword ptr [rax]

MM_INTERNAL_CODE:  5

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

BUGCHECK_STR:  0x50

PROCESS_NAME:  wermgr.exe

CURRENT_IRQL:  0

TRAP_FRAME:  fffff8800384d550 -- (.trap 0xfffff8800384d550)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=fffff908c0000840 rbx=0000000000000000 rcx=fffff8800384d7c0
rdx=fffff90000002000 rsi=0000000000000000 rdi=0000000000000000
rip=fffff9600014604f rsp=fffff8800384d6e0 rbp=0000000000000001
 r8=0000000000000e60  r9=0000000000000000 r10=fffff80002e5e000
r11=000000000000005c r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0         nv up ei pl zr na po nc
win32k!XEPALOBJ::vUnrefPalette+0xf:
fffff960`0014604f 488b08          mov     rcx,qword ptr [rax] ds:fffff908`c0000840=????????????????
Resetting default scope

LAST_CONTROL_TRANSFER:  from fffff80002e85c1f to fffff80002edad40

STACK_TEXT:  
fffff880`0384d3e8 fffff800`02e85c1f : 00000000`00000050 fffff908`c0000840 00000000`00000000 fffff880`0384d550 : nt!KeBugCheckEx
fffff880`0384d3f0 fffff800`02ed8e6e : 00000000`00000000 fffff908`c0000840 fffff8a0`01edaf00 fffff880`0384d7c0 : nt! ?? ::FNODOBFM::`string'+0x43d41
fffff880`0384d550 fffff960`0014604f : fffffa80`07634950 fffff960`00145eb8 fffff900`c316fef8 fffff900`c0734ce0 : nt!KiPageFault+0x16e
fffff880`0384d6e0 fffff960`001466d9 : fffff900`c00bf010 fffff900`c316fcc0 00000000`00000000 fffff900`c316fef8 : win32k!XEPALOBJ::vUnrefPalette+0xf
fffff880`0384d720 fffff960`0014683c : fffff900`00000000 fffff900`00000000 fffff900`c316fcc0 00000000`00000000 : win32k!SURFACE::bDeleteSurface+0x5c1
fffff880`0384d870 fffff960`001467dd : fffff900`c0401b48 fffff900`c316fcc0 00000000`00000000 fffff8a0`024611a0 : win32k!bDeleteSurface+0x34
fffff880`0384d8a0 fffff960`0017de55 : 00000000`0000030d fffff900`c0734ce0 fffff900`c0830020 fffff900`c0800000 : win32k!GreDeleteObject+0x6d
fffff880`0384d8d0 fffff960`0014d91b : fffff900`c0401b48 00000000`00000001 00000000`00000002 fffff900`c0756c20 : win32k!CleanupCursorObject+0x9d
fffff880`0384d900 fffff960`0014db71 : 00000000`00000000 00000000`00000000 fffff960`00366670 fffff900`c0830020 : win32k!DestroyCursor+0x53
fffff880`0384d930 fffff960`00149a1d : 00000000`00000000 00000000`00000001 00000000`77262148 fffff900`c0756c20 : win32k!DestroyProcessesObjects+0x119
fffff880`0384d970 fffff960`0016dd93 : fffffa80`086974e0 00000000`00000001 fffffa80`0786b920 fffff900`c0756c20 : win32k!xxxDestroyThreadInfo+0xdcd
fffff880`0384da40 fffff960`00144fe0 : 00000000`00000000 fffffa80`086974e0 fffffa80`086974e0 00000000`00000000 : win32k!UserThreadCallout+0x93
fffff880`0384da70 fffff800`031af535 : 00000000`00000000 00000000`00000000 00000000`00000000 fffffa80`08697400 : win32k!W32pThreadCallout+0x78
fffff880`0384daa0 fffff800`031910d8 : 00000000`00000000 00000000`00000001 fffffa80`08749000 00000000`00000000 : nt!PspExitThread+0x285
fffff880`0384dba0 fffff800`02ed9fd3 : fffffa80`08749060 fffff880`00000000 fffffa80`086974e0 00000000`00000000 : nt!NtTerminateProcess+0x138
fffff880`0384dc20 00000000`773215da : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`0022fa98 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x773215da


STACK_COMMAND:  kb

FOLLOWUP_IP: 
win32k!XEPALOBJ::vUnrefPalette+f
fffff960`0014604f 488b08          mov     rcx,qword ptr [rax]

SYMBOL_STACK_INDEX:  3

SYMBOL_NAME:  win32k!XEPALOBJ::vUnrefPalette+f

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: win32k

IMAGE_NAME:  win32k.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  4f2b63bd

FAILURE_BUCKET_ID:  X64_0x50_win32k!XEPALOBJ::vUnrefPalette+f

BUCKET_ID:  X64_0x50_win32k!XEPALOBJ::vUnrefPalette+f

Followup: MachineOwner
---------

[*]
Loading Dump File [D:\Kingston\BSODDmpFiles\WardenGr\Windows_NT6_BSOD_jcgriff2\032912-17347-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*C:\SymCache*http://msdl.microsoft.com/download/symbols
Executable search path is: 
Windows 7 Kernel Version 7601 (Service Pack 1) MP (8 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 7601.17727.amd64fre.win7sp1_gdr.111118-2330
Machine Name:
Kernel base = 0xfffff800`02e4c000 PsLoadedModuleList = 0xfffff800`03090650
Debug session time: Thu Mar 29 09:12:36.718 2012 (UTC - 6:00)
System Uptime: 0 days 0:53:40.624
Loading Kernel Symbols
...............................................................
................................................................
.............
Loading User Symbols
Loading unloaded module list
.....
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 1A, {41790, fffffa80016c7820, ffff, 0}

Probably caused by : ntkrnlmp.exe ( nt! ?? ::FNODOBFM::`string'+355d4 )

Followup: MachineOwner
---------

6: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

MEMORY_MANAGEMENT (1a)
    # Any other values for parameter 1 must be individually examined.
Arguments:
Arg1: 0000000000041790, The subtype of the bugcheck.
Arg2: fffffa80016c7820
Arg3: 000000000000ffff
Arg4: 0000000000000000

Debugging Details:
------------------


BUGCHECK_STR:  0x1a_41790

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

PROCESS_NAME:  iexplore.exe

CURRENT_IRQL:  0

LAST_CONTROL_TRANSFER:  from fffff80002f37610 to fffff80002ec8d40

STACK_TEXT:  
fffff880`0724d828 fffff800`02f37610 : 00000000`0000001a 00000000`00041790 fffffa80`016c7820 00000000`0000ffff : nt!KeBugCheckEx
fffff880`0724d830 fffff800`02efbae9 : 00000000`00000000 00000000`6cf0cfff fffffa80`00000000 00000000`00000000 : nt! ?? ::FNODOBFM::`string'+0x355d4
fffff880`0724d9f0 fffff800`031def91 : fffffa80`05790eb0 00000000`00000000 00000000`00000000 00000000`00000000 : nt!MiRemoveMappedView+0xd9
fffff880`0724db10 fffff800`031df393 : 0000007f`00000000 00000000`6c7d0000 fffffa80`00000001 fffffa80`05042aa0 : nt!MiUnmapViewOfSection+0x1b1
fffff880`0724dbd0 fffff800`02ec7fd3 : ffffffff`ffffffff 00000000`02c77dd8 fffffa80`05658b30 00000000`00008000 : nt!NtUnmapViewOfSection+0x5f
fffff880`0724dc20 00000000`774815ba : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`02c78088 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x774815ba


STACK_COMMAND:  kb

FOLLOWUP_IP: 
nt! ?? ::FNODOBFM::`string'+355d4
fffff800`02f37610 cc              int     3

SYMBOL_STACK_INDEX:  1

SYMBOL_NAME:  nt! ?? ::FNODOBFM::`string'+355d4

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: nt

IMAGE_NAME:  ntkrnlmp.exe

DEBUG_FLR_IMAGE_TIMESTAMP:  4ec79dd2

FAILURE_BUCKET_ID:  X64_0x1a_41790_nt!_??_::FNODOBFM::_string_+355d4

BUCKET_ID:  X64_0x1a_41790_nt!_??_::FNODOBFM::_string_+355d4

Followup: MachineOwner
---------


[/list]

Your crashes have one common cause: memory.

• Download and install CPU-Z and Upload screenshots of the CPU, Mainboard, Memory, and SPD tabs. In the SPD tab, upload an image of each slot.

 

[WardenGr]

I downloaded the program but it gets an error on start up!!! uploading a pic with the error.
Note: it was taken in safe mode with networking and after the cpuz135\ returned = 1 (error=0) <-- this is missing from the screen shot.

 

[WardenGr]

ok i managed to start computer at normal mode, after i did a startup repair.
Here are the pics u asked for.

 

[writhziden]

RAM timings all look good. Have you tried running with one module at a time? If not, do the following: Do your normal routine through Windows with one module at a time. Test each module slot with each module. Try to find a module and slot that do not cause crashes. Test the other modules in the good slot, and test all slots with a good module. Make sure to follow the ESD safety steps to the best of your ability in post #4 of this thread.

 

[WardenGr]

So do u actually want me to work with one piece of ram each time? (white slots)
Can u explain a bit more please so i can do it right?

 

[writhziden]

Remove two modules. Leave only one module in the system. See how the system runs with that one module in that one slot. Then, after you are sure the system is either more stable or still crashing, move that one module to one of the other slots in your system. Do this until you have checked all slots. If that module causes crashes in all slots, it is probably a bad module. If it is stable in all slots, then all slots are good and the module is good. If the module works in any slot, that slot is good and the module is good.

If the first module caused crashes in all slots: do the same procedure with one of the other two modules in each slot as you did with the first module. If those two modules cause crashes in all slots, try the third module in each slot as you did with the first two. If all three modules cause crashes in all slots, chances are the problem is not a bad module or bad slot but something else.

If the first module did not cause a crash in a slot, test the other modules in that slot. If all slots provided stability with the first module, test the other modules in any of the slots and any module that causes crashes can be considered bad.

The idea is the same as that presented in Part 3 of http://www.sevenforums.com/tutorials/105647-ram-test-memtest86.html but running Windows to test each module and slot rather than running Memtest86+.

 

[WardenGr]

Hello again. I just completed the test you asked me to do.
Everything seems fine!
First module: passed 1st 3rd and 5th slot no prob
2nd module: NOTE put it in slot 1 turn on pc, crashed 1-2sec after power on small reboot and then everythings allright, slot 3 ok slot 5 ok!
3rd module: 1st,3rd,5th ok.
So what do i do now?
should i run memtest again?

 

[writhziden]

Test the 2nd module more carefully and for a longer period of time. You should really run each module for a few days of normal use to be sure whether the module is good or faulty.

 

[WardenGr]

the thing is, that my pc crashes mostly at start up, so i guess if its going to crash itll crash there. What about running memtest again? and besides that, will a new pair of ram modules probably fix the problem?

 

[writhziden]

I cannot tell yet whether replacing the modules will resolve the problem. It depends on what is causing it. That is why we need you to run with one module at a time for a longer period of time, so you can let us know how the system responds. See if over a few days you have any bad startups with one module or another. I realize that means nine days of testing, but at least this way, it should not prevent you from having access to your computer for any important tasks.

If you need to do more intensive tasks that require more than 2 GB of RAM, you could choose to test two modules at a time. If you have the same problems, it may be one of the modules in that set is bad and you can swap one with the remaining module and make a mental note of the one that still remains. If you still have problems, swap the remaining module you have not yet swapped (the one that you made the mental note about) and see if you still have problems.

 

[WardenGr]

ok then, youll probably hear from me after easter holidays! Since i dont have enought days to complete the tasks!
Happy easter!

 

[writhziden]

No problem. Post back whenever you have the chance. I just figured this way you would at least still be able to use your computer and not have to run all the tests that prevent normal usage. Good luck and have a good Easter!