locked
BSODs because of ntoskrnl.exe and ntfs.exe RRS feed

  • Question

  • Hi there!

    I hope that this is the right place to ask for help.

    Lately I've got a *LOT* of BSODs and 'freezes', and when I check Whocrashed, it says it's because of ntoskrnl.exe and ntfs.exe. Both don't seem to indicate hardware errors. I already updated my graphic drivers because the older messages told me.

    But what am I to do about the ntoskrnl.exe and ntfs.exe problems? I'm getting quite a headache here - and I am already suffering from cluster-headache, so that's double :(

    Hope someone can help me out here, because I am at the end of my rope here.

    Kind regards,

    Eelco


    Welcome to WhoCrashed (HOME EDITION) v 3.06


    This program checks for drivers which have been crashing your computer. If your computer has displayed a blue screen of death, suddenly rebooted or shut down then this program will help you find the root cause and possibly a solution.

    Whenever a computer suddenly reboots without displaying any notice or blue screen of death, the first thing that is often thought about is a hardware failure. In reality, on Windows most crashes are caused by malfunctioning device drivers and kernel modules. In case of a kernel error, many computers do not show a blue screen unless they are configured for this. Instead these systems suddenly reboot without any notice.

    This program will analyze your crash dumps with the single click of a button. It will tell you what drivers are likely to be responsible for crashing your computer. If will report a conclusion which offers suggestions on how to proceed in any situation while the analysis report will display internet links which will help you further troubleshoot any detected problems.


    To obtain technical support visit www.resplendence.com/support

    Click here to check if you have the latest version or if an update is available.

    Just click the Analyze button for a comprehensible report ...



    Home Edition Notice


    This version of WhoCrashed is free for use at home only. If you would like to use this software at work or in a commercial environment you should get the professional edition of WhoCrashed which also allows analysis of crashdumps on remote drives and computers on the network and offers a range of additional features.

    Click here for more information on the professional edition.
    Click here to buy the the professional edition of WhoCrashed.



    System Information (local)


    computer name: WINDOWS7RECHTS
    windows version: Windows 7 Service Pack 1, 6.1, build: 7601
    windows dir: C:\Windows
    CPU: GenuineIntel Intel(R) Core(TM)2 Duo CPU E7400 @ 2.80GHz Intel586, level: 6
    2 logical processors, active mask: 3
    RAM: 4293054464 total
    VM: 2147352576, free: 1936670720



    Crash Dump Analysis


    Crash dump directory: C:\Windows\Minidump

    Crash dumps are enabled on your computer.


    On Tue 18-9-2012 12:34:57 GMT your computer crashed
    crash dump file: C:\Windows\Minidump\091812-47751-01.dmp
    This was probably caused by the following module: ntoskrnl.exe (nt+0x7F1C0)
    Bugcheck code: 0x1E (0xFFFFFFFFC0000005, 0xFFFFF800034952F7, 0x0, 0xFFFFFFFFFFFFFFFF)
    Error: KMODE_EXCEPTION_NOT_HANDLED
    file path: C:\Windows\system32\ntoskrnl.exe
    product: Microsoft® Windows® Operating System
    company: Microsoft Corporation
    description: NT Kernel & System
    Bug check description: This indicates that a kernel-mode program generated an exception which the error handler did not catch.
    This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
    The crash took place in the Windows kernel. Possibly this problem is caused by another driver which cannot be identified at this time.


    On Tue 18-9-2012 12:22:43 GMT your computer crashed
    crash dump file: C:\Windows\Minidump\091812-42510-01.dmp
    This was probably caused by the following module: ntfs.sys (Ntfs+0xEFC08)
    Bugcheck code: 0xD1 (0xFFFFF88001322C08, 0x2, 0x8, 0xFFFFF88001322C08)
    Error: DRIVER_IRQL_NOT_LESS_OR_EQUAL
    file path: C:\Windows\system32\drivers\ntfs.sys
    product: Besturingssysteem Microsoft® Windows®
    company: Microsoft Corporation
    description: NT-bestandssysteemstuurprogramma
    Bug check description: This indicates that a kernel-mode driver attempted to access pageable memory at a process IRQL that was too high.
    This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
    The crash took place in a standard Microsoft module. Your system configuration may be incorrect. Possibly this problem is caused by another driver on your system which cannot be identified at this time.


    On Tue 18-9-2012 11:54:32 GMT your computer crashed
    crash dump file: C:\Windows\Minidump\091812-36161-01.dmp
    This was probably caused by the following module: ntfs.sys (Ntfs+0xEFC08)
    Bugcheck code: 0xD1 (0xFFFFF8800133BC08, 0x2, 0x8, 0xFFFFF8800133BC08)
    Error: DRIVER_IRQL_NOT_LESS_OR_EQUAL
    file path: C:\Windows\system32\drivers\ntfs.sys
    product: Besturingssysteem Microsoft® Windows®
    company: Microsoft Corporation
    description: NT-bestandssysteemstuurprogramma
    Bug check description: This indicates that a kernel-mode driver attempted to access pageable memory at a process IRQL that was too high.
    This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
    The crash took place in a standard Microsoft module. Your system configuration may be incorrect. Possibly this problem is caused by another driver on your system which cannot be identified at this time.


    On Tue 18-9-2012 11:43:48 GMT your computer crashed
    crash dump file: C:\Windows\Minidump\091812-38001-01.dmp
    This was probably caused by the following module: ntoskrnl.exe (nt+0x7F1C0)
    Bugcheck code: 0x4E (0x7, 0xB4CD8, 0x800002020000, 0x0)
    Error: PFN_LIST_CORRUPT
    file path: C:\Windows\system32\ntoskrnl.exe
    product: Microsoft® Windows® Operating System
    company: Microsoft Corporation
    description: NT Kernel & System
    Bug check description: This indicates that the page frame number (PFN) list is corrupted.
    This appears to be a typical software driver bug and is not likely to be caused by a hardware problem. This might be a case of memory corruption. More often memory corruption happens because of software errors in buggy drivers, not because of faulty RAM modules.
    The crash took place in the Windows kernel. Possibly this problem is caused by another driver which cannot be identified at this time.


    On Tue 18-9-2012 11:04:37 GMT your computer crashed
    crash dump file: C:\Windows\Minidump\091812-35724-01.dmp
    This was probably caused by the following module: ntoskrnl.exe (nt+0x7F1C0)
    Bugcheck code: 0xA (0x2E70006DE16A, 0x2, 0x0, 0xFFFFF800034EF2F7)
    Error: IRQL_NOT_LESS_OR_EQUAL
    file path: C:\Windows\system32\ntoskrnl.exe
    product: Microsoft® Windows® Operating System
    company: Microsoft Corporation
    description: NT Kernel & System
    Bug check description: This indicates that Microsoft Windows or a kernel-mode driver accessed paged memory at DISPATCH_LEVEL or above.
    This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
    The crash took place in the Windows kernel. Possibly this problem is caused by another driver which cannot be identified at this time.


    On Tue 18-9-2012 8:33:08 GMT your computer crashed
    crash dump file: C:\Windows\Minidump\091812-32853-01.dmp
    This was probably caused by the following module: ntoskrnl.exe (nt+0x7F1C0)
    Bugcheck code: 0x4E (0x7, 0xA3638, 0xA216D, 0x0)
    Error: PFN_LIST_CORRUPT
    file path: C:\Windows\system32\ntoskrnl.exe
    product: Microsoft® Windows® Operating System
    company: Microsoft Corporation
    description: NT Kernel & System
    Bug check description: This indicates that the page frame number (PFN) list is corrupted.
    This appears to be a typical software driver bug and is not likely to be caused by a hardware problem. This might be a case of memory corruption. More often memory corruption happens because of software errors in buggy drivers, not because of faulty RAM modules.
    The crash took place in the Windows kernel. Possibly this problem is caused by another driver which cannot be identified at this time.


    On Mon 17-9-2012 12:16:58 GMT your computer crashed
    crash dump file: C:\Windows\Minidump\091712-40217-01.dmp
    This was probably caused by the following module: ntoskrnl.exe (nt+0x7F1C0)
    Bugcheck code: 0x4E (0x2, 0x121EBD, 0x137FFF, 0x100)
    Error: PFN_LIST_CORRUPT
    file path: C:\Windows\system32\ntoskrnl.exe
    product: Microsoft® Windows® Operating System
    company: Microsoft Corporation
    description: NT Kernel & System
    Bug check description: This indicates that the page frame number (PFN) list is corrupted.
    This appears to be a typical software driver bug and is not likely to be caused by a hardware problem. This might be a case of memory corruption. More often memory corruption happens because of software errors in buggy drivers, not because of faulty RAM modules.
    The crash took place in the Windows kernel. Possibly this problem is caused by another driver which cannot be identified at this time.


    On Mon 17-9-2012 12:05:05 GMT your computer crashed
    crash dump file: C:\Windows\Minidump\091712-80574-01.dmp
    This was probably caused by the following module: ntfs.sys (Ntfs+0xEFC08)
    Bugcheck code: 0xD1 (0xFFFFF8800130AC08, 0x2, 0x8, 0xFFFFF8800130AC08)
    Error: DRIVER_IRQL_NOT_LESS_OR_EQUAL
    file path: C:\Windows\system32\drivers\ntfs.sys
    product: Besturingssysteem Microsoft® Windows®
    company: Microsoft Corporation
    description: NT-bestandssysteemstuurprogramma
    Bug check description: This indicates that a kernel-mode driver attempted to access pageable memory at a process IRQL that was too high.
    This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
    The crash took place in a standard Microsoft module. Your system configuration may be incorrect. Possibly this problem is caused by another driver on your system which cannot be identified at this time.


    On Mon 17-9-2012 11:55:20 GMT your computer crashed
    crash dump file: C:\Windows\Minidump\091712-55941-01.dmp
    This was probably caused by the following module: ntfs.sys (Ntfs+0x5A88)
    Bugcheck code: 0x24 (0x1904FB, 0xFFFFF88009AFFFF8, 0xFFFFF88009AFF850, 0xFFFFF80003467D73)
    Error: NTFS_FILE_SYSTEM
    file path: C:\Windows\system32\drivers\ntfs.sys
    product: Besturingssysteem Microsoft® Windows®
    company: Microsoft Corporation
    description: NT-bestandssysteemstuurprogramma
    Bug check description: This indicates a problem occurred in the NTFS file system.
    The crash took place in a standard Microsoft module. Your system configuration may be incorrect. Possibly this problem is caused by another driver on your system which cannot be identified at this time.


    On Fri 14-9-2012 20:06:59 GMT your computer crashed
    crash dump file: C:\Windows\Minidump\091412-56035-01.dmp
    This was probably caused by the following module: nvlddmkm.sys (nvlddmkm+0x254C35)
    Bugcheck code: 0x24 (0x1904FB, 0xFFFFF8800854A258, 0xFFFFF88008549AB0, 0xFFFFF8000351C73B)
    Error: NTFS_FILE_SYSTEM
    file path: C:\Windows\system32\drivers\nvlddmkm.sys
    product: NVIDIA Windows Kernel Mode Driver, Version 306.23
    company: NVIDIA Corporation
    description: NVIDIA Windows Kernel Mode Driver, Version 306.23
    Bug check description: This indicates a problem occurred in the NTFS file system.
    A third party driver was identified as the probable root cause of this system error. It is suggested you look for an update for the following driver: nvlddmkm.sys (NVIDIA Windows Kernel Mode Driver, Version 306.23 , NVIDIA Corporation).
    Google query: nvlddmkm.sys NVIDIA Corporation NTFS_FILE_SYSTEM




    On Thu 13-9-2012 23:33:12 GMT your computer crashed
    crash dump file: C:\Windows\Minidump\091412-42806-01.dmp
    This was probably caused by the following module: ntoskrnl.exe (nt+0xB473B)
    Bugcheck code: 0x1000007E (0xFFFFFFFFC0000005, 0xFFFFF8000351373B, 0xFFFFF880033328C8, 0xFFFFF88003332120)
    Error: SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M
    file path: C:\Windows\system32\ntoskrnl.exe
    product: Microsoft® Windows® Operating System
    company: Microsoft Corporation
    description: NT Kernel & System
    Bug check description: This indicates that a system thread generated an exception which the error handler did not catch.
    This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
    The crash took place in the Windows kernel. Possibly this problem is caused by another driver which cannot be identified at this time.


    On Thu 13-9-2012 15:58:39 GMT your computer crashed
    crash dump file: C:\Windows\Minidump\091312-99294-01.dmp
    This was probably caused by the following module: ntoskrnl.exe (nt+0x7F1C0)
    Bugcheck code: 0x109 (0xA3A039D89A80B9FC, 0x0, 0x9BC7EF26B081B41, 0x101)
    Error: CRITICAL_STRUCTURE_CORRUPTION
    file path: C:\Windows\system32\ntoskrnl.exe
    product: Microsoft® Windows® Operating System
    company: Microsoft Corporation
    description: NT Kernel & System
    Bug check description: This indicates that the kernel has detected critical kernel code or data corruption.
    This might be a case of memory corruption. More often memory corruption happens because of software errors in buggy drivers, not because of faulty RAM modules.
    The crash took place in the Windows kernel. Possibly this problem is caused by another driver which cannot be identified at this time.


    On Mon 1-1-2007 3:04:15 GMT your computer crashed
    crash dump file: C:\Windows\Minidump\010107-39374-01.dmp
    This was probably caused by the following module: ntoskrnl.exe (nt+0x7F1C0)
    Bugcheck code: 0x4E (0x7, 0x857B0, 0x200000, 0x0)
    Error: PFN_LIST_CORRUPT
    file path: C:\Windows\system32\ntoskrnl.exe
    product: Microsoft® Windows® Operating System
    company: Microsoft Corporation
    description: NT Kernel & System
    Bug check description: This indicates that the page frame number (PFN) list is corrupted.
    This appears to be a typical software driver bug and is not likely to be caused by a hardware problem. This might be a case of memory corruption. More often memory corruption happens because of software errors in buggy drivers, not because of faulty RAM modules.
    The crash took place in the Windows kernel. Possibly this problem is caused by another driver which cannot be identified at this time.


    On Sun 31-12-2006 22:33:21 GMT your computer crashed
    crash dump file: C:\Windows\Minidump\123106-72431-01.dmp
    This was probably caused by the following module: ntoskrnl.exe (nt+0x7F1C0)
    Bugcheck code: 0x50 (0xFFFFF8A0157B46E8, 0x0, 0xFFFFF80002D12B5A, 0x2)
    Error: PAGE_FAULT_IN_NONPAGED_AREA
    file path: C:\Windows\system32\ntoskrnl.exe
    product: Microsoft® Windows® Operating System
    company: Microsoft Corporation
    description: NT Kernel & System
    Bug check description: This indicates that invalid system memory has been referenced.
    This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
    The crash took place in the Windows kernel. Possibly this problem is caused by another driver which cannot be identified at this time.


    On Sun 31-12-2006 22:11:50 GMT your computer crashed
    crash dump file: C:\Windows\Minidump\123106-73133-01.dmp
    This was probably caused by the following module: ntfs.sys (Ntfs+0xEFC08)
    Bugcheck code: 0xD1 (0xFFFFF88001306C08, 0x2, 0x8, 0xFFFFF88001306C08)
    Error: DRIVER_IRQL_NOT_LESS_OR_EQUAL
    file path: C:\Windows\system32\drivers\ntfs.sys
    product: Besturingssysteem Microsoft® Windows®
    company: Microsoft Corporation
    description: NT-bestandssysteemstuurprogramma
    Bug check description: This indicates that a kernel-mode driver attempted to access pageable memory at a process IRQL that was too high.
    This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
    The crash took place in a standard Microsoft module. Your system configuration may be incorrect. Possibly this problem is caused by another driver on your system which cannot be identified at this time.



    Conclusion


    15 crash dumps have been found and analyzed. A third party driver has been identified to be causing system crashes on your computer. It is strongly suggested that you check for updates for these drivers on their company websites. Click on the links below to search with Google for updates for these drivers:

    nvlddmkm.sys (NVIDIA Windows Kernel Mode Driver, Version 306.23 , NVIDIA Corporation)

    If no updates for these drivers are available, try searching with Google on the names of these drivers in combination the errors that have been reported for these drivers and include the brand and model name of your computer as well in the query. This often yields interesting results from discussions from users who have been experiencing similar problems.


    Read the topic general suggestions for troubleshooting system crashes for more information.

    Note that it's not always possible to state with certainty whether a reported driver is actually responsible for crashing your system or that the root cause is in another module. Nonetheless it's suggested you look for updates for the products that these drivers belong to and regularly visit Windows update or enable automatic updates for Windows. In case a piece of malfunctioning hardware is causing trouble, a search with Google on the bug check errors together with the model name and brand of your computer may help you investigate this further.




    Tuesday, September 18, 2012 12:57 PM

All replies

  • Oh, forgot to mention: this system has worked fine for over three years, and I have thouroughly checked the memory with Memtest (let it spin for about 10 cycles), no errors found there....

    Link to minidumps:

    https://skydrive.live.com/redir?resid=FD64D476F44CD176!3751&authkey=!AERSIVbz1xZGg98

    Again: hope to hear from you soon! :-)

    Tuesday, September 18, 2012 12:58 PM
  • Run the Windows 7 Memory Diagnostic Tool
    http://www.sevenforums.com/performance-maintenance/104698-memory-diagnostic-tool.html

    Select Start, Run, type cmd and press ENTER. Type "chkdsk c: /f /r" without the quotes and hit ENTER. Make sure you include the spaces indicated. Enter Y when asked whether you wish to run chkdsk on restarting the computer. Exit and restart the computer.

    Marking off bad sectors on a hard drive takes time so be patient. Marking off does not repair a bad sector. It places pointers on the drive telling the system not to read or write to those sectors which have been damaged.

    If the number of bad sectors continues to increase after you have run the procedure above several times then you should replace the drive. If an important system file is written to a bad sector you can corrupt registry hives and lose the whole contents of the drive.

    On the other hand if having run chkdsk you see no more new bad sectors then the drive can work for you for years.

    If the previous two operations disclose no problems then please provide the further information detailed below.

    What is your computer make and model? If not a branded computer what is your motherboard make and model?

    Please download and run Driver View and upload a copy of the report it produces to your Sky Drive.

    http://www.nirsoft.net/utils/driverview.html

    Type System Information in the Search Box above the start Button and press the ENTER key. Select File, Export and give the file a name noting where it is located. Please upload to your Sky Drive, share and post a link here.



    Hope this helps, Gerry

    Tuesday, September 18, 2012 5:07 PM
  • Third party is not a ideal drivers to install in your system. Aways check the manufacturers ducomentation and your system architecture design, 64 bit or 32..to make you system integrity digitally signed..

    Just mark as helpfull if it gives a solution to your problem..

    Thnkas

    Wednesday, September 19, 2012 4:44 AM
  • Hi,


    Regarding the error code 0x1E, you can refer to Bug Check 0x1E: KMODE_EXCEPTION_NOT_HANDLED.


    Meanwhile, please try the following:


    1. Update the BIOS and the drivers.

    2. Test the issue in Safe Mode to check the result.


    Hope this helps.


    Vincent Wang

    TechNet Community Support

    Wednesday, September 19, 2012 9:08 AM
  • You'll probably want to see if a verifier enabled dump produces anything more interesting,

    http://mikemstech.blogspot.com/2011/12/enable-driver-verifier-to-help-identify.html

    After enabling the driver verifier, please upload any new dumps generated and we can look at them.



    Thursday, September 20, 2012 1:35 PM
  • Link to system information.txt and report.html:

    https://skydrive.live.com/redir?resid=FD64D476F44CD176!3751&authkey=!AERSIVbz1xZGg98

    Driver verifier is also enabled now.

    Chkdsk gave some errors, but afaik not in system files, just in downloaded files and in applications I don't normaly use.

    chkdsk ran for about a day, and when I came back I saw another BSOD, not sure if chkdsk had finished completely. 

    windows memory diagnostics didn't yield any errors, nor did running memtest86+ for 10 straight hours.


    Voer eendjes, geen oorlog

    Thursday, September 20, 2012 2:11 PM
  • Driver Verifier enabled, when there are new dumps I'll post the link here again.

    Thanks!


    Voer eendjes, geen oorlog

    BTW: when I reboot, the system comes to life, but at a certain point the cursor freezes and nothing works anymore. 
    Turning the system off and on again sometimes works, but sometimes I just get another freeze or another BSOD. Seems that rebooting in Safe Mode helps only slightly.

    Some of the BSOD's are strange: the text seems to be on the screen twice, but shifted about 3 mm to the right. Like you're looking at the screen completely drunk or with wrong glasses on (both of which are not the case here, at least not now :-P)

    Thursday, September 20, 2012 2:12 PM
  • Link to two new dumps: https://skydrive.live.com/redir?resid=FD64D476F44CD176!3751&authkey=!AERSIVbz1xZGg98

    Got one D1 error and one C4 error... :(

    And one 0xA error and one 4E error....

    C4.... that's the kind of powerfull explosives the marines and/or terrorists use, right? :-D

    In between the system froze three times.


    Voer eendjes, geen oorlog


    Link is updated, all new dumps have been added. all start with 092012...
    Thursday, September 20, 2012 4:15 PM
  • Found a couple of possible causes in the latest dumps

    mcdbus.sys -> MagicISO... Try removing this or disabling the driver piece
    EpfwLWF.sys -> Eset personal firewall... try disabling/removing this piece

    The most interesting pieces of debugging output are below

    DRIVER_VERIFIER_DETECTED_VIOLATION (c4)
    A device driver attempting to corrupt the system has been caught.  This is
    because the driver was specified in the registry as being suspect (by the
    administrator) and the kernel has enabled substantial checking of this driver.
    If the driver attempts to corrupt the system, bugchecks 0xC4, 0xC1 and 0xA will
    be among the most commonly seen crashes.
    Arguments:
    Arg1: 0000000000000081, MmMapLockedPages called without MDL_MAPPING_CAN_FAIL
    Arg2: fffff9806b27afc0, MDL address.
    Arg3: 0000000000000082, MDL flags.
    Arg4: 0000000000000000, 0.

    Debugging Details:
    ------------------

    blah blah blah...

    MODULE_NAME: mcdbus

    IMAGE_NAME:  mcdbus.sys

    DEBUG_FLR_IMAGE_TIMESTAMP:  49a3cd1f

    FAILURE_BUCKET_ID:  X64_0xc4_81_VRF_mcdbus+36823

    BUCKET_ID:  X64_0xc4_81_VRF_mcdbus+36823

    Followup: MachineOwner
    ---------

    0: kd> lmvm mcdbus
    start             end                 module name
    fffff880`04b72000 fffff880`04bae880   mcdbus   T (no symbols)          
        Loaded symbol image file: mcdbus.sys
        Image path: \SystemRoot\system32\DRIVERS\mcdbus.sys
        Image name: mcdbus.sys
        Timestamp:        Tue Feb 24 03:34:07 2009 (49A3CD1F)
        CheckSum:         00041E84
        ImageSize:        0003C880
        Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4

    Use !analyze -v to get detailed debugging information.

    BugCheck D1, {fffff890028d8648, 2, 8, fffff890028d8648}

    Unable to load image EpfwLWF.sys, Win32 error 0n2
    *** WARNING: Unable to verify timestamp for EpfwLWF.sys
    *** ERROR: Module load completed but symbols could not be loaded for EpfwLWF.sys
    Probably caused by : EpfwLWF.sys ( EpfwLWF+176b )

    Followup: MachineOwner
    ---------

    0: kd> !analyze -v
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************

    DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
    An attempt was made to access a pageable (or completely invalid) address at an
    interrupt request level (IRQL) that is too high.  This is usually
    caused by drivers using improper addresses.
    If kernel debugger is available get stack backtrace.
    Arguments:
    Arg1: fffff890028d8648, memory referenced
    Arg2: 0000000000000002, IRQL
    Arg3: 0000000000000008, value 0 = read operation, 1 = write operation
    Arg4: fffff890028d8648, address which referenced memory

    Debugging Details:
    ------------------


    READ_ADDRESS: GetPointerFromAddress: unable to read from fffff800036c0100
     fffff890028d8648

    CURRENT_IRQL:  2

    FAULTING_IP:
    +3233343266646339
    fffff890`028d8648 ??              ???

    CUSTOMER_CRASH_COUNT:  1

    DEFAULT_BUCKET_ID:  VERIFIER_ENABLED_VISTA_MINIDUMP

    BUGCHECK_STR:  0xD1

    PROCESS_NAME:  SABnzbd.exe

    TRAP_FRAME:  fffff80000ba28b0 -- (.trap 0xfffff80000ba28b0)
    NOTE: The trap frame does not contain all registers.
    Some register values may be zeroed or incorrect.
    rax=fffff98090e82ea0 rbx=0000000000000000 rcx=fffffa8005fe0080
    rdx=0000000088972273 rsi=0000000000000000 rdi=0000000000000000
    rip=fffff890028d8648 rsp=fffff80000ba2a48 rbp=fffff80000ba2b20
     r8=fffff80000ba2b20  r9=0000000000000030 r10=fffff890028d8648
    r11=0000000000000005 r12=0000000000000000 r13=0000000000000000
    r14=0000000000000000 r15=0000000000000000
    iopl=0         nv up ei ng nz na po nc
    fffff890`028d8648 ??              ???
    Resetting default scope

    LAST_CONTROL_TRANSFER:  from fffff80003490769 to fffff800034911c0

    FAILED_INSTRUCTION_ADDRESS:
    +3233343266646339
    fffff890`028d8648 ??              ???

    STACK_TEXT: 
    fffff800`00ba2768 fffff800`03490769 : 00000000`0000000a fffff890`028d8648 00000000`00000002 00000000`00000008 : nt!KeBugCheckEx
    fffff800`00ba2770 fffff800`0348f3e0 : 00000000`00000000 fffff800`039187d3 00000000`00000000 fffff800`00ba2b10 : nt!KiBugCheckDispatch+0x69
    fffff800`00ba28b0 fffff890`028d8648 : fffff880`03d4f76b fffff800`00ba2b10 fffff800`00ba2b20 00000000`00000002 : nt!KiPageFault+0x260
    fffff800`00ba2a48 fffff880`03d4f76b : fffff800`00ba2b10 fffff800`00ba2b20 00000000`00000002 fffff980`0601af70 : 0xfffff890`028d8648
    fffff800`00ba2a50 fffff800`00ba2b10 : fffff800`00ba2b20 00000000`00000002 fffff980`0601af70 fffff980`90e82ea0 : EpfwLWF+0x176b
    fffff800`00ba2a58 fffff800`00ba2b20 : 00000000`00000002 fffff980`0601af70 fffff980`90e82ea0 00000000`00000158 : 0xfffff800`00ba2b10
    fffff800`00ba2a60 00000000`00000002 : fffff980`0601af70 fffff980`90e82ea0 00000000`00000158 fffff800`00ba2b10 : 0xfffff800`00ba2b20
    fffff800`00ba2a68 fffff980`0601af70 : fffff980`90e82ea0 00000000`00000158 fffff800`00ba2b10 fffff800`03928d07 : 0x2
    fffff800`00ba2a70 fffff980`90e82ea0 : 00000000`00000158 fffff800`00ba2b10 fffff800`03928d07 00000000`00000000 : 0xfffff980`0601af70
    fffff800`00ba2a78 00000000`00000158 : fffff800`00ba2b10 fffff800`03928d07 00000000`00000000 fffff980`0601afc0 : 0xfffff980`90e82ea0
    fffff800`00ba2a80 fffff800`00ba2b10 : fffff800`03928d07 00000000`00000000 fffff980`0601afc0 fffff800`454c5702 : 0x158
    fffff800`00ba2a88 fffff800`03928d07 : 00000000`00000000 fffff980`0601afc0 fffff800`454c5702 00000000`00000000 : 0xfffff800`00ba2b10
    fffff800`00ba2a90 fffff880`03d522c9 : fffffa80`05fe0080 fffff980`0601af70 00000000`00000030 00000000`00000000 : nt!VerifierExAllocatePoolWithTagPriority+0x17
    fffff800`00ba2ad0 fffffa80`05fe0080 : fffff980`0601af70 00000000`00000030 00000000`00000000 ffffffff`00000030 : EpfwLWF+0x42c9
    fffff800`00ba2ad8 fffff980`0601af70 : 00000000`00000030 00000000`00000000 ffffffff`00000030 fffff980`90e82ea0 : 0xfffffa80`05fe0080
    fffff800`00ba2ae0 00000000`00000030 : 00000000`00000000 ffffffff`00000030 fffff980`90e82ea0 fffff980`00000158 : 0xfffff980`0601af70
    fffff800`00ba2ae8 00000000`00000000 : ffffffff`00000030 fffff980`90e82ea0 fffff980`00000158 fffffa80`07574001 : 0x30


    STACK_COMMAND:  kb

    FOLLOWUP_IP:
    EpfwLWF+176b
    fffff880`03d4f76b ??              ???

    SYMBOL_STACK_INDEX:  4

    SYMBOL_NAME:  EpfwLWF+176b

    FOLLOWUP_NAME:  MachineOwner

    MODULE_NAME: EpfwLWF

    IMAGE_NAME:  EpfwLWF.sys

    DEBUG_FLR_IMAGE_TIMESTAMP:  4f5770a3

    FAILURE_BUCKET_ID:  X64_0xD1_VRF_CODE_AV_BAD_IP_EpfwLWF+176b

    BUCKET_ID:  X64_0xD1_VRF_CODE_AV_BAD_IP_EpfwLWF+176b

    Followup: MachineOwner
    ---------

    0: kd> lmvm EpfwLWF
    start             end                 module name
    fffff880`03d4e000 fffff880`03d5b000   EpfwLWF  T (no symbols)          
        Loaded symbol image file: EpfwLWF.sys
        Image path: EpfwLWF.sys
        Image name: EpfwLWF.sys
        Timestamp:        Wed Mar 07 07:28:51 2012 (4F5770A3)
        CheckSum:         00013AE7
        ImageSize:        0000D000
        Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4


    Thursday, September 20, 2012 9:03 PM
  • Thought I'd give the chkdsk another go, but then from a bootable rescue-dvd. Although the dvd was 32-bits version and the crappy machine is 64bits, so recovery won't work, I thougth I could always check the disk. This time, I *also* got a bsod, now with an IRQ_NOT_LESS_OR_EQUAL (STOP: 0x0000000A (0x0000002C, 0x00000002, 0x00000000, 0x8ACFF3A2)

    Correct me if I'm wrong, but if I boot from DVD into another windows version (the working recovery dvd), and I *still* get a BSOD, then this probably isn't a driver problem anymore? The memory has been thouroughly checked, should be OK. A crappy disk that is being checkdisked can't bring up a BSOD, right?

    So, what else could it be? The MB? Can I just buy any other MB and replace it? I think that Windows will complain very loudly, right?

    Oh, didn't know if I already mentioned the brand and make before (think it's in the files I uploaded): it's a Medion MD8333 with Win7 HP64bits, 1.5 TB HD, NVidia GeForce GT440, MSI 7502 mobo, 4GB RAM.

    According to Medion, there is no newer BIOS then the one installed. All Medion drivers are up to date. Videodriver came from NVidia, I bought that one later.

    Oh, when I was trying to get the info, I got another BSOD: 0x00000034 (0x50853, 0xFFFFF88002FC5068, 0xFFFFF88002FC48C0, FFFFF800034962F7). 

    Get the feeling that my machine wants to collect them all from 0x01 to 0xff...... :(


    Voer eendjes, geen oorlog

    Friday, September 21, 2012 9:20 AM
  • IT could be the motherboard. You should see if the vendor has a diagnostic set that can be run before you spring for a new one (unless the system is still under warranty). If you replace the motherboard with the same type, then Windows shouldn't complain. Have you thoroughly tested the hard drive?

    http://mikemstech.blogspot.com/2011/12/how-to-detect-failing-hard-drive.html

    In addition to checking the SMART health status, you might also try running the SMART tests against the drive. You could also try reseating all of the connections to make sure that nothing was loose.

    Based on the error codes that you received, I would suspect an issue with the motherboard or hard drive.
    Friday, September 21, 2012 1:34 PM