BSODs - ntoskrnl.exe

K

Kungal

New member
Local time
2:16 PM
Messages
25
My computer has periods where it crashes with a BSOD over and over again. This lasts for a day or more then it decides to go back to functioning properly. They always seem to be related to ntoskrnl.exe.

I've tried working out what the problem with no success, which is why I came here. Another thing I've noticed is that my computer doesn't make a .dmp file every time. Today I have had about five BSODs but there are only two .dmp files.

If someone who knows what they are doing could have a look at these .dmp files, it would be much appreciated.
 

My Computer

OS
Windows 7 Pro
Woops, forgot to include these details:

OS: windows 7 home premium (64 bit)
Ram: 6gb
Motherboard: Gigabyte X58AUD36
Processor: i7
Video card: Nvidia GeForce GTX460
 

My Computer

OS
Windows 7 Pro
Hello Kungal,
I was having the same error some months ago. Did you install a new program ?If yes try doing a system restore or reinststall windows using a windows 7 cd.
 

My Computer

Computer Manufacturer/Model Number
Sony Vaio VPCEA23EN
OS
Windows 7 Ultimate 64bit OS (6.1,build 7601)
CPU
Intel(R) Core(TM) i3
Motherboard
350 @ 2.27GHz(4 CPUs), ~2.3GHz
Memory
3 GB
Graphics Card(s)
ATI Mobolity Radeon HD 4500 Series
Sound Card
HD AUDIO
Screen Resolution
1366 X 768
Hard Drives
320 GB
Mouse
Microsoft Wireless Mobile Mouse 1000
Internet Speed
1 Mbps
Antivirus
ESET Smart Security 6
Browser
Mozilla Firefox, Google Chrome
Since no probable cause is being indicated enable driver verifier to locate the possible drivers causing the BSODs
Driver Verifier - Enable and Disable
Then upload the dumps which are created
 

My Computer

Computer type
PC/Desktop
Computer Manufacturer/Model Number
Custom Build
OS
Windows 10 Pro x64, Arch Linux
CPU
Intel Core 2 Quad Q8200 OC'd 3.08GHz
Motherboard
Asus Rampage formula LGA775
Memory
8GB DDR2 900Mhz
Graphics Card(s)
MSI GT730 2GB GDDR5 (Kepler)
Sound Card
Supreme FX2
Monitor(s) Displays
Samsung LS22F350 LED
Screen Resolution
1080P
Hard Drives
Kingston SSDNow UV400 120GB, 500GB Hitachi, 2TB Samsung, 500GB Seagate FreeAgent, 640GB Samsung, 160GB Toshiba (Arch)
PSU
AeroCool 500W Bronze
Cooling
Cooler Master V6 + 3X fans
Keyboard
Prolink keyboard
Mouse
Logitech M705
Internet Speed
1MiB/s
Browser
Chrome Beta
I've enabled driver verifier. How long does this normally take?? Do I use use my computer as usual and wait for another BSOD??
 

My Computer

OS
Windows 7 Pro
Kungal said:
I've enabled driver verifier. How long does this normally take?? Do I use use my computer as usual and wait for another BSOD??
Click to expand...
Use it normally until it BSODs :)
 

My Computer

Computer type
PC/Desktop
Computer Manufacturer/Model Number
Custom Build
OS
Windows 10 Pro x64, Arch Linux
CPU
Intel Core 2 Quad Q8200 OC'd 3.08GHz
Motherboard
Asus Rampage formula LGA775
Memory
8GB DDR2 900Mhz
Graphics Card(s)
MSI GT730 2GB GDDR5 (Kepler)
Sound Card
Supreme FX2
Monitor(s) Displays
Samsung LS22F350 LED
Screen Resolution
1080P
Hard Drives
Kingston SSDNow UV400 120GB, 500GB Hitachi, 2TB Samsung, 500GB Seagate FreeAgent, 640GB Samsung, 160GB Toshiba (Arch)
PSU
AeroCool 500W Bronze
Cooling
Cooler Master V6 + 3X fans
Keyboard
Prolink keyboard
Mouse
Logitech M705
Internet Speed
1MiB/s
Browser
Chrome Beta
Ok, It BSODed about two hours after I turned driver verifier on, then It crashed again about ten minutes after that. The .dmp files are attached

The windows debugging program says one is due to tcpip.sys and the other is probably due to memory_coruption
 

My Computer

OS
Windows 7 Pro
Kungal said:
Ok, It BSODed about two hours after I turned driver verifier on, then It crashed again about ten minutes after that. The .dmp files are attached

The windows debugging program says one is due to tcpip.sys and the other is probably due to memory_coruption
Click to expand...

Dumps indicate that services.exe was involved in the last crash
Disable any useless startup programs and run a scan of Malwarebytes
Code: 
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck A, {28, 2, 0, fffff800032c7518}

Probably caused by : memory_corruption ( nt!MiFindNodeOrParent+0 )

IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high.  This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: 0000000000000028, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000000, bitfield :
    bit 0 : value 0 = read operation, 1 = write operation
    bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: fffff800032c7518, address which referenced memory

Debugging Details:
------------------


READ_ADDRESS: GetPointerFromAddress: unable to read from fffff800034bd0e0
 0000000000000028 

CURRENT_IRQL:  2

FAULTING_IP: 
nt!MiFindNodeOrParent+0
fffff800`032c7518 48f7412800ffffff test    qword ptr [rcx+28h],0FFFFFFFFFFFFFF00h

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

BUGCHECK_STR:  0xA

PROCESS_NAME:  services.exe

TRAP_FRAME:  fffff880033e77f0 -- (.trap 0xfffff880033e77f0)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000000 rbx=0000000000000000 rcx=0000000000000000
rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000
rip=fffff800032c7518 rsp=fffff880033e7988 rbp=0000000000000000
 r8=fffff880033e79d0  r9=0000000000000000 r10=fffffa8007f3adf0
r11=fffffa8007f38b20 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0         nv up ei ng nz na po nc
nt!MiFindNodeOrParent:
fffff800`032c7518 48f7412800ffffff test    qword ptr [rcx+28h],0FFFFFFFFFFFFFF00h ds:00000000`00000028=????????????????
Resetting default scope

LAST_CONTROL_TRANSFER:  from fffff80003284ca9 to fffff80003285740

STACK_TEXT:  
fffff880`033e76a8 fffff800`03284ca9 : 00000000`0000000a 00000000`00000028 00000000`00000002 00000000`00000000 : nt!KeBugCheckEx
fffff880`033e76b0 fffff800`03283920 : 00000000`00040001 fffffa80`07f3ae38 00000000`00000000 00000000`00000000 : nt!KiBugCheckDispatch+0x69
fffff880`033e77f0 fffff800`032c7518 : fffff800`032cb2d7 00000000`00000000 fffff800`0329a1d1 fffff880`009b1180 : nt!KiPageFault+0x260
fffff880`033e7988 fffff800`032cb2d7 : 00000000`00000000 fffff800`0329a1d1 fffff880`009b1180 00000000`00000000 : nt!MiFindNodeOrParent
fffff880`033e7990 fffff800`032cb25d : fffffa80`07f38410 fffff800`0329a65b fffffa80`04f1a9e0 00001f80`00000000 : nt!MiLocateAddressInTree+0x17
fffff880`033e79c0 fffff800`032cb368 : 00000000`00000000 00000000`00000000 fffffa80`069e72f0 fffffa80`07f3aea8 : nt!MiGetSharedProtosAtDpcLevel+0xbd
fffff880`033e7a10 fffff800`032231cb : fffffa80`00000040 00000000`00000048 fffffa80`07f38410 00000000`00000004 : nt!MiGetSharedProtos+0x18
fffff880`033e7a40 fffff800`0338b8a0 : 00000000`00000000 fffffa80`07f3ae30 fffffa80`07f38410 fffffa80`07f38410 : nt! ?? ::FNODOBFM::`string'+0x927b
fffff880`033e7a70 fffff800`03307aac : fffffa80`07f38410 00000003`00000000 fffffa80`07f3adf0 fffffa80`07f3aea8 : nt!MiEmptyPageAccessLog+0x160
fffff880`033e7ae0 fffff800`03299ee2 : 00000000`00000436 00000000`00000000 fffffa80`00000000 00000000`00000005 : nt! ?? ::FNODOBFM::`string'+0x4972b
fffff880`033e7b80 fffff800`0329a173 : 00000000`00000008 fffff880`033e7c10 00000000`00000001 fffffa80`00000000 : nt!MmWorkingSetManager+0x6e
fffff880`033e7bd0 fffff800`035287c6 : fffffa80`04f1a9e0 00000000`00000080 fffffa80`04ee9040 00000000`00000001 : nt!KeBalanceSetManager+0x1c3
fffff880`033e7d40 fffff800`03263c26 : fffff880`009b1180 fffffa80`04f1a9e0 fffff880`009bc0c0 00000000`00000000 : nt!PspSystemThreadStartup+0x5a
fffff880`033e7d80 00000000`00000000 : fffff880`033e8000 fffff880`033e2000 fffff880`033e7710 00000000`00000000 : nt!KxStartSystemThread+0x16


STACK_COMMAND:  kb

FOLLOWUP_IP: 
nt!MiFindNodeOrParent+0
fffff800`032c7518 48f7412800ffffff test    qword ptr [rcx+28h],0FFFFFFFFFFFFFF00h

SYMBOL_STACK_INDEX:  3

SYMBOL_NAME:  nt!MiFindNodeOrParent+0

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: nt

DEBUG_FLR_IMAGE_TIMESTAMP:  4cc791bd

IMAGE_NAME:  memory_corruption

FAILURE_BUCKET_ID:  X64_0xA_nt!MiFindNodeOrParent+0

BUCKET_ID:  X64_0xA_nt!MiFindNodeOrParent+0

Followup: MachineOwner
---------
 

My Computer

Computer type
PC/Desktop
Computer Manufacturer/Model Number
Custom Build
OS
Windows 10 Pro x64, Arch Linux
CPU
Intel Core 2 Quad Q8200 OC'd 3.08GHz
Motherboard
Asus Rampage formula LGA775
Memory
8GB DDR2 900Mhz
Graphics Card(s)
MSI GT730 2GB GDDR5 (Kepler)
Sound Card
Supreme FX2
Monitor(s) Displays
Samsung LS22F350 LED
Screen Resolution
1080P
Hard Drives
Kingston SSDNow UV400 120GB, 500GB Hitachi, 2TB Samsung, 500GB Seagate FreeAgent, 640GB Samsung, 160GB Toshiba (Arch)
PSU
AeroCool 500W Bronze
Cooling
Cooler Master V6 + 3X fans
Keyboard
Prolink keyboard
Mouse
Logitech M705
Internet Speed
1MiB/s
Browser
Chrome Beta
Will do. Will post back with the results
 

My Computer

OS
Windows 7 Pro
Done, no malicious software found, and I have disabled almost every start up app. My reply is a bit late because, I went to work all day and, most importantly, I just spent the last two hours unable to do anything because of almost continuous BSODs!!

None of them left a minidump file, which is weird. They kept occurring in the startup process, and every time I had to run startup recovery which would restore my computer to an earlier point in time and take about 10 - 15 mins.

Any other advice?

Thanks
 

My Computer

OS
Windows 7 Pro
You must log in or register to reply here.
Back
Top