Random BSOD refers to ntoskrnl.exe

[JimW1956]

Windows 7 Home Premium gives a BSOD randomly, sometimes when the computer is being used and other times when it is idling. Any and all help would be appreciated.

 

[Arc]

Welcome aboard.

The dump is not specifying anything there!

.....
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck A, {300100000009, 2, 1, fffff80002cd6266}

Probably caused by : win32k.sys ( win32k!TimersProc+197 )

Followup: MachineOwner
---------

0: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high.  This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: 0000300100000009, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000001, bitfield :
    bit 0 : value 0 = read operation, 1 = write operation
    bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: fffff80002cd6266, address which referenced memory

Debugging Details:
------------------


WRITE_ADDRESS: GetPointerFromAddress: unable to read from fffff80002efa100
 0000300100000009 

CURRENT_IRQL:  2

FAULTING_IP: 
nt!KiInsertTimerTable+c6
fffff800`02cd6266 4c894008        mov     qword ptr [rax+8],r8

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

BUGCHECK_STR:  0xA

PROCESS_NAME:  csrss.exe

TRAP_FRAME:  fffff880023127e0 -- (.trap 0xfffff880023127e0)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000300100000001 rbx=0000000000000000 rcx=0000000000019283
rdx=fffff80002e64f90 rsi=0000000000000000 rdi=0000000000000000
rip=fffff80002cd6266 rsp=fffff88002312970 rbp=fffffa8005235538
 r8=fffffa8007830cb0  r9=000000000000006b r10=fffff80002e3de80
r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0         nv up ei pl nz na po nc
nt!KiInsertTimerTable+0xc6:
fffff800`02cd6266 4c894008        mov     qword ptr [rax+8],r8 ds:00003001`00000009=????????????????
Resetting default scope

LAST_CONTROL_TRANSFER:  from fffff80002cca769 to fffff80002ccb1c0

STACK_TEXT:  
fffff880`02312698 fffff800`02cca769 : 00000000`0000000a 00003001`00000009 00000000`00000002 00000000`00000001 : nt!KeBugCheckEx
fffff880`023126a0 fffff800`02cc93e0 : 00000000`00000000 00000000`00000000 00000000`00000000 fffffa80`07830c90 : nt!KiBugCheckDispatch+0x69
fffff880`023127e0 fffff800`02cd6266 : 00000000`00000202 fffff800`02cd081a fffff880`009e7180 fffffa80`08821510 : nt!KiPageFault+0x260
fffff880`02312970 fffff800`02cd5fa0 : ffffffff`fffca4a0 fffff800`02e3de80 fffffa80`07830c90 00000000`00000000 : nt!KiInsertTimerTable+0xc6
fffff880`023129d0 fffff800`02cd5ea4 : fffff900`c064ddf0 ffffffff`fffca4a0 00000000`00000000 fffff960`00000002 : nt!KiSetTimerEx+0xf0
fffff880`02312a60 fffff960`00144b77 : 00000000`00000000 00000000`00000001 00000000`00000004 fffff800`02cd4033 : nt!KeSetTimer+0x14
fffff880`02312aa0 fffff960`0014554b : 00000000`00000000 fffff960`00365f10 00000000`00000004 00000000`00000001 : win32k!TimersProc+0x197
fffff880`02312af0 fffff960`000d5098 : fffffa80`0000007b 00000000`0000000f fffff880`00000001 ffffffff`800002e4 : win32k!RawInputThread+0x9ab
fffff880`02312bc0 fffff960`00155d9a : fffffa80`00000002 fffff880`01fe5f40 00000000`00000020 00000000`00000000 : win32k!xxxCreateSystemThreads+0x58
fffff880`02312bf0 fffff800`02cca453 : fffffa80`078b6980 00000000`00000004 000007ff`fffae000 00000000`00000000 : win32k!NtUserCallNoParam+0x36
fffff880`02312c20 000007fe`fd761eea : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`002ef798 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x7fe`fd761eea


STACK_COMMAND:  kb

FOLLOWUP_IP: 
win32k!TimersProc+197
fffff960`00144b77 488b5c2450      mov     rbx,qword ptr [rsp+50h]

SYMBOL_STACK_INDEX:  6

SYMBOL_NAME:  win32k!TimersProc+197

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: win32k

IMAGE_NAME:  win32k.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  5006fd0d

FAILURE_BUCKET_ID:  X64_0xA_win32k!TimersProc+197

BUCKET_ID:  X64_0xA_win32k!TimersProc+197

Followup: MachineOwner
---------

0: kd> .trap 0xfffff880023127e0
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000300100000001 rbx=0000000000000000 rcx=0000000000019283
rdx=fffff80002e64f90 rsi=0000000000000000 rdi=0000000000000000
rip=fffff80002cd6266 rsp=fffff88002312970 rbp=fffffa8005235538
 r8=fffffa8007830cb0  r9=000000000000006b r10=fffff80002e3de80
r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0         nv up ei pl nz na po nc
nt!KiInsertTimerTable+0xc6:
fffff800`02cd6266 4c894008        mov     qword ptr [rax+8],r8 ds:00003001`00000009=????????????????
0: kd> kv
  *** Stack trace for last set context - .thread/.cxr resets it
Child-SP          RetAddr           : Args to Child                                                           : Call Site
fffff880`02312970 fffff800`02cd5fa0 : ffffffff`fffca4a0 fffff800`02e3de80 fffffa80`07830c90 00000000`00000000 : nt!KiInsertTimerTable+0xc6
fffff880`023129d0 fffff800`02cd5ea4 : fffff900`c064ddf0 ffffffff`fffca4a0 00000000`00000000 fffff960`00000002 : nt!KiSetTimerEx+0xf0
fffff880`02312a60 fffff960`00144b77 : 00000000`00000000 00000000`00000001 00000000`00000004 fffff800`02cd4033 : nt!KeSetTimer+0x14
fffff880`02312aa0 fffff960`0014554b : 00000000`00000000 fffff960`00365f10 00000000`00000004 00000000`00000001 : win32k!TimersProc+0x197
fffff880`02312af0 fffff960`000d5098 : fffffa80`0000007b 00000000`0000000f fffff880`00000001 ffffffff`800002e4 : win32k!RawInputThread+0x9ab
fffff880`02312bc0 fffff960`00155d9a : fffffa80`00000002 fffff880`01fe5f40 00000000`00000020 00000000`00000000 : win32k!xxxCreateSystemThreads+0x58
fffff880`02312bf0 fffff800`02cca453 : fffffa80`078b6980 00000000`00000004 000007ff`fffae000 00000000`00000000 : win32k!NtUserCallNoParam+0x36
fffff880`02312c20 000007fe`fd761eea : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`02312c20)
00000000`002ef798 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x7fe`fd761eea
0: kd> .trap fffff880`02312c20
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000000 rbx=0000000000000000 rcx=000007fefd763734
rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000
rip=000007fefd761eea rsp=00000000002ef798 rbp=0000000000000000
 r8=0000000000000000  r9=0000000000000000 r10=0000000000000000
r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0         nv up ei pl nz na po nc
0033:000007fe`fd761eea ??              ???
0: kd> kv
  *** Stack trace for last set context - .thread/.cxr resets it
Child-SP          RetAddr           : Args to Child                                                           : Call Site
00000000`002ef798 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x7fe`fd761eea

► Do you have any USB hard disk attached, if so, remove it and see if it is stopping crashes, and check for issues in your internal HDDs.

1. Reseat the sata and power.
2. Run chkdsk /f/r, following the option two of the tutorial Disk Check
3. Seatool for dos: SeaTools | Seagate download
   Burn it in a blank cd. boot from the CD, click on "Accept", wait for it to finish detecting the drives, then in the upper left corner select "Basic Tests", then select "Long Test" and let it run.

► Is the computer is a part of a network, and there is another computer there in the same name?

Event[11881]:
Log Name: System
Source: Server
Date: 2012-05-08T02:07:44.000
Event ID: 2505
Task: N/A
Level: Error
Opcode: N/A
Keyword: Classic
User: N/A
User Name: N/A
Computer: Dorie-HP
Description:
The server could not bind to the transport \Device\NetBT_Tcpip_{E9064561-4FEA-4C35-98DA-2BB3AD430945} because another computer on the network has the same name. The server could not start.

► You should try to get that computer out of the network first, and see what it behaves individually.

Event[14725]:
Log Name: System
Source: Service Control Manager
Date: 2012-05-18T08:20:01.484
Event ID: 7001
Task: N/A
Level: Error
Opcode: N/A
Keyword: Classic
User: N/A
User Name: N/A
Computer: Dorie-HP
Description:
The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
The dependency service or group failed to start.

► I have nothing to say against Avast, but I would suggest you install Malwarebytes : Free anti-malware and have a full scan your system with it, in safe mode.

Let us know how things went.

 

[JimW1956]

Thank You for your help & suggestions!
Only USB device is the mouse. Hadn't noticed 2 pc's with the same name I changed one of them.
I reseated the SATA , memory , & power. Then ran 10 passes of memtest+ no problems, ran chkdsk Option 2 with suggested switches no problems.
I haven't run Seatools yet.
I did give in over the weekend and did a clean reinstall but within 6 hrs. got a BSOD and several since then. I have attached the latest dump files using the SF Diagnostic Tool. I know it looks like I'm way behind on updating everything, but have done all updates since reinstall.
I use Avast & Malwarebytes , just hadn't got it installed on this pc until this morning.
I am confused though, I shut the pc down yesterday afternoon and didn't boot it back up til around 9 this morning and haven't had a BSOD yet; Knock on Wood.
I will keep you updated.

 

[Arc]

Jim, do one more thing. Enable Driver Verifier.
http://www.sevenforums.com/tutorials/101379-driver-verifier-enable-disable.html

It will monitor your third party drivers, and will put the exact information in the subsequent dumps, if any.

 

[JimW1956]

Well 2 days using the pc problem free then a BSOD sometime last night when idle. I ran SeaTools/Seagate yesterday afternoon finding no problems.
I hope I enabled Driver Verifier correctly.
Attached is the dump file from this morning, hopefully it will tell us something.

 

[Arc]

Jim, the latest dump you supplied is of 11th of this month, that means before the time you have enabled driver verifier.

We wanted to check a crash dump with the verifier on, so it will be of no help in this case

The latest one, dated 11/9 2012 shows this:

.....
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

[COLOR=Red][B]BugCheck 1A,[/B][/COLOR] {5003, fffff70001080000, 2669, 266d00004c09}

P[COLOR=Red][B]robably caused by : ntkrnlmp.exe[/B][/COLOR] ( nt! ?? ::FNODOBFM::`string'+29731 )

Followup: MachineOwner
---------

A bugcheck 1A occurs due to a device driver or a memory related issue. As no device driver is found earlier, I suggested you to enable driver verifier so that the third party drivers can be monitored. But the crash shows that it is an earlier one.

On the basis of that dump, I would suggest you to run memtest.
http://www.sevenforums.com/tutorials/105647-ram-test-memtest86.html

 

[JimW1956]

Arc,

I noticed the date on the file also but thought I was missing something. I'm not sure why the last BSOD didn't create a dump file.
I'll run memtest tonight and tomorrow and post an update tomorrow evening.
Again I want to Thank You for your help and guidance with this problem.

 

[JimW1956]

I ran memtest86+ for 14 Passes (21hrs) with no Errors. I guess I'll keep my fingers crossed the BSOD nightmare is over unless you have other suggestions to try to pinpoint the problem.

 

[Arc]

Wait a couple of days, see how it works now.

If it keeps crashing, let us know.

 

[JimW1956]

I didn't have to wait long. The system crashed last night at idle and then twice this morning while I was trying to run the SF Diagnostic tool. Finally ended up going into Safe Mode to get the Dump Files for you. Hopefully this file will help.

 

[Arc]

Jim, do you have any USB HDD attached? thest two, collectively indicating that a USB HDD is failing.

Event[1788]:
Log Name: System
Source: Service Control Manager
Date: 2012-09-07T23:00:50.650
Event ID: 7001
Task: N/A
Level: Error
Opcode: N/A
Keyword: Classic
User: N/A
User Name: N/A
Computer: Dorie-HP
Description:
The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:
A device attached to the system is not functioning.

Event[1706]:
Log Name: System
Source: Disk
Date: 2012-09-07T22:52:05.720
Event ID: 11
Task: N/A
Level: Error
Opcode: N/A
Keyword: Classic
User: N/A
User Name: N/A
Computer: Dorie-HP
Description:
The driver detected a controller error on \Device\Harddisk2\DR2.

Let us know.

If yes, see that removing that one works or not.

If no, we may suggest you to enable driver verifier again, as the dumps are saying nothing specific :sarc:

 

[JimW1956]

Arc,

The only thing attached to the pc is a a HP wireless mouse & keyboard that came with the pc. I did plug a Western Digital (My Passport) HDD to the pc to back up my files when I first started getting the crashes but removed it after the backup completed.

 

[Arc]

OK, then enable Driver Verifier.

Run Driver verifier for the next 24 hours or the occurrence of the next crash, whichever is earlier. When over, let us know, thet the subsequent dumps , if any.

 

[JimW1956]

Aweek with no problems then 3 crashes this morning. Here is the Dump Files with Driver Verifier enabled

 

[Arc]

......
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

[COLOR=Red][B]BugCheck 119[/B][/COLOR], {1, 716, 701, 701}

*** [COLOR=Red]WARNING: Unable to verify timestamp for atikmpag.sys[/COLOR]
*** [COLOR=Red]ERROR: Module load completed but symbols could not be loaded for atikmpag.sys[/COLOR]
*** WARNING: Unable to verify timestamp for win32k.sys
*** ERROR: Module load completed but symbols could not be loaded for win32k.sys
[COLOR=Red]Probably caused by : dxgmms1.sys [/COLOR]( dxgmms1!VidSchiVerifyDriverReportedFenceId+ad )

Followup: MachineOwner
---------
======================================================
1: kd> lmvm atikmpag
start             end                 module name
fffff880`03cb0000 fffff880`03ceb000   atikmpag T (no symbols)           
    Loaded symbol image file: atikmpag.sys
    Image path: \SystemRoot\system32\DRIVERS\atikmpag.sys
    [COLOR=Red][B]Image name: atikmpag.sys
    Timestamp:        Wed May 12 06:54:19 2010 [/B][/COLOR](4BEA0343)
    CheckSum:         00044ACB
    ImageSize:        0003B000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4

So, you are to update your graphics driver. Get it from AMD Support & Drivers.

 

[JimW1956]

Downloaded new graphics drivers and uninstalled AMD drivers went to reboot as per AMD instructions , now can't log back in to Windows or Safe Mode. Keyboard & Mouse non responsive on the login page but work using the diagnostic disc. Any suggestions?

 

[Arc]

Do a system restore to a point just earlier than the driver install.

Then install the driver following the method: http://www.sevenforums.com/tutorials/97061-driver-install-device-manager.html.
Point the driver update wizard to the downloaded driver.

 

[JimW1956]

Sorry for the lapse in time Arc. The pc crashed during the restore process And after that I couldn't get it to boot up at all.
I ended up doing a clean reinstall from a downloaded ISO following GregRocker's tutorial. It took 3 attempts to complete the install. I installed the video drivers from AMD as per your instructions as soon as I could. Started using the pc yesterday morning and it hasn't given me any problems yet.
I again THANK YOU for all your help & suggestions.
I will give it another couple of days and if no problems arise I will mark this thread as solved.

Jim

 

[Arc]

Well done, Jim

Best of luck. I hope the problems will not return there.

 

[JimW1956]

Well got to use the pc for a couple of days problem free. It crashed this morning and has been crashing within seconds after booting up.
I will upload the dump files as soon as I can get them.