Tech Support Forum - View Single Post - Frequent Random Crashes in Vista x64

You are viewing a conversation about Frequent Random Crashes in Vista x64. To view the entire conversation, or to join in, click here: Thread: Frequent Random Crashes in Vista x64

View Single Post
Old 11-17-2008, 01:21 PM  
jcgriff2
Administrator
Manager, Microsoft Support
Acting Manager, Security
BSOD Kernel Dump Expert
Microsoft Windows Insider MVP
 
jcgriff2's Avatar

Microsoft Most Valuable Professional
 
Join Date: Sep 2007
Location: New Jersey Shore
Posts: 34,331
OS: Windows 10, 8.1 + Windbg :)



Hi. . .

I ran the 6 dumps -

0x0000000a (0x0, 0x2, 0x0, 0xfffff800`02712d20), probable cause = NT Kernel ntkrnkmp.exe.

0xa = IRQL_NOT_LESS_OR_EQUAL = Vista or a kernel-mode driver accessed paged memory at DISPATCH_LEVEL or above. 0xa when found during Windows upgrade usually indicates hardware/ device driver problems.

0x000000d6 (0xfffff900`cc177000, 0x0, 0xfffff960`000f4404, 0x0), probable cause = MS GUI win32k.sys. Process running = Nero.

0x000000d6 (0xfffff900`cc0f5000, 0x0, 0xfffff960`00144404, 0x0), probable cause = MS GUI win32k.sys. Process running = Nero.

0xd6 = DRIVER_PAGE_FAULT_BEYOND_END_OF_ALLOCATION = driver accessed memory beyond the end of its pool allocation. My guess is that a Nero driver responsible for this - not win32k.sys.

0x0000003b (0x00000000`c0000005, 0xfffff960`000863b2, 0xfffffa60`0c34c5c0, 0x0), probable cause = win32k.sys, process running = GrabIt.exe - Is this a binary downloading program?

0x3b = SYSTEM_SERVICE_EXCEPTION = exception happened while executing a routine that transitions from non-privileged code to privileged code. The exception here is the 1st parm - 0xc....5 - memory access violation. Again, win32k.sys not to blame here - lately I have been seeing NVidia or video as it is one of the few that moves from GUI to kernel code territory. Not sure about this GrabIt program - does it run in kernel mode?

0x00000024 (0x00000000`001904aa, 0xfffffa60`054e2b48, 0xfffffa60`054e2520, 0xfffffa60`012e5209), probable cause = MS file driver ntfs.sys. Process running = googletalkplugin.

0x24 = NTFS_FILE_SYSTEM - problem w/ ntfs.sys & a hard drive.

0x00000050 (0xfffffa60`0b6d8c50, 0x0, 0xfffff800`026ac00d, 0x0) , probable cause = MS GUI win32k.sys. Process running = Sidebar.exe.

0x50 = PAGE_FAULT_IN_NONPAGED_AREA = invalid system memory referenced. 0x50 usually hardware related.

I do believe that you have hardware issues here given the multiple bugchecks although some do appear software related in nature. However that older 40gb 2-plug USB may play a part here. You said that it wasn't being used so you pulled the plug on it. I assume that to mean that you didn't "safely remove" it... correct? Vista was using it - whether it was search indexer, your a/v or NTFS itself keeping track of what is where. This portion of the stack text from the 0xa bugcheck represents what I saw in 2 others:
Code:
STACK_TEXT:
000`00000000 : nt!KeBugCheckEx
a80`05def2c0 : nt!KiBugCheckDispatch+0x6e
000`00000000 : nt!KiPageFault+0x20b
000`00000000 : nt!KeBugCheckUnicodeToAnsi
000`7d05e121 : nt!ViBucheckProcessParams+0x17a
800`02ad3588 : nt!VfBugcheckThrowException+0x68
a80`07ad45a8 : nt!VfBugcheckThrowIoException+0xa3
a80`07ad4618 : nt!IovpCallDriver2+0x2a7
980`62c52e50 : nt!VfAfterCallDriver+0x1c6
a80`07ad4560 : nt!IovCallDriver+0x35f
880`0b90e9e0 : fltmgr!FltpDispatch+0x9d
a80`07a47610 : nt!IovCallDriver+0x34a
000`00000017 : nt!IopSynchronousCall+0x10a
000`00000308 : nt!IopRemoveDevice+0x101
000`00010282 : nt!PnpSurpriseRemoveLockedDeviceNode+0xe3
a60`01bc2bc8 : nt!PnpDeleteLockedDeviceNode+0x37
000`00000000 : nt!PnpDeleteLockedDeviceNodes+0xa0
000`00000000 : nt!PnpProcessQueryRemoveAndEject+0x6d8
000`4b706e50 : nt!PnpProcessTargetDeviceEvent+0x4c
a80`05a99040 : nt! ?? ::NNGAKEGL::`string'+0x4b5b4
000`00000080 : nt!ExpWorkerThread+0x11a
000`00000001 : nt!PspSystemThreadStartup+0x57
000`00000000 : nt!KiStartSystemThread+0x16
This could be about that external USB drive removal. Not sure. I suggest plugging it back in and running chkdsk /r on it. You should run the same on the OS drive.

I went through the loaded driver listings and pulled out what I could spot as non-Microsoft drivers. Some I have looked up and have questions on:

AVG - Make sure you are running v8.0.175 FREE x64 - released October 15, 2008. I don't have any system info to know if the free a/v is the edition you have - I went by some drivers that I found.

The rest of the list - There is nothing necessarily wrong with the newer ones, I just listed them b/c non-MS. The older ones may be an issue - and 2 that I cannot identify:
Code:
a1nu400s.SYS Sun Jul 20 20:17:14 2008 - cannot identify
ayepvqil.SYS Sun Jul 20 20:17:14 2008 - cannot identify

xusb21.sys   Tue Aug 28 13:04:19 2007 - Xbox 360 wireless receiver driver

netr28ux.sys Tue Nov 20 22:36:24 2007 - WLAN or LAN driver - not much info found on this

AsIO.sys     Mon Dec 17 04:11:49 2007 - related to Asus aacenter -?


sppq.sys     Wed Mar 05 19:34:27 2008 - signal  rediction priority queuing ??


ATITool64.sys Wed Aug 08 12:42:26 2007
    ?? https://www.softpedia.com/get/Tweak/V...verrider.shtml
     ?? CLSID = "{85B5DDD0-E090-4B15-BDF2-A443A3CA0B66}" "*ATIToolDevice"



yk60x64.sys  Thu Dec 06 08:50:34 2007 - Marvell Yukon Ethernet Controller NDIS6.0 Miniport Driver 
     ftp://ftp.sanguine.net/pub/sahughes/...ta/yk60x64.htm


Rtlh64.sys   Wed Jul 30 10:46:04 2008 - Realtek - up to date ? - I think new one out last week

nvlddmkm.sys Tue Oct 07 17:57:15 2008 - NVidia - up to date

cmudaxp.sys  Mon Jul 07 22:03:01 2008 - reported to be an Asus un-signed sound driver 
    https://vip.asus.com/forum/view.aspx?...Language=en-us


avgmfx64.sys Thu Jun 26 11:20:11 2008 - AVG
avgldx64.sys Mon Jul 14 14:47:25 2008 - AVG

L8042Kbd.sys Fri Feb 29 05:09:36 2008 - Logitech SetPoint Keyboard Driver 
LVUSBS64.sys Sat Jul 26 11:06:36 2008  Logitech USB Monitor Filter - kernel mode
lvuvc64.sys  Sat Jul 26 11:09:49 2008  Logitech QuickCam Pro driver - kernel 
LVPr2M64.sys Sat Jul 26 11:07:46 2008  Logitech - related to streaming video/ TV/ cable


.

I have no direct evidence to link any of these to the BSODs. But after looking them up - it is hard for me to believe that some of them are in a Vista x64 system.

Please check the red ones out - I cannot find anything on them; the blue ones are known to have been named in BSODs right here in this forum.

A bugcheck summary is below; dump logs attached.

Regards. . .

jcgriff2


.

.







Code:
BugCheck A, {0, 2, 0, fffff80002712d20}
Probably caused by : ntkrnlmp.exe ( nt!KiPageFault+20b )
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
BugCheck D6, {fffff900cc177000, 0, fffff960000f4404, 0}
Probably caused by : win32k.sys ( win32k!NtUserfnINDEVICECHANGE+1c0 )
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
BugCheck D6, {fffff900cc0f5000, 0, fffff96000144404, 0}
Probably caused by : win32k.sys ( win32k!NtUserfnINDEVICECHANGE+1c0 )
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
BugCheck 3B, {c0000005, fffff960000863b2, fffffa600c34c5c0, 0}
Probably caused by : win32k.sys ( win32k!EXLATEOBJ::vAddToCache+d6 )
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
BugCheck 24, {1904aa, fffffa60054e2b48, fffffa60054e2520, fffffa60012e5209}
Probably caused by : Ntfs.sys ( Ntfs!NtfsEncryptionCreateCallback+59 )
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
BugCheck 50, {fffffa600b6d8c50, 0, fffff800026ac00d, 0}
Probably caused by : win32k.sys ( win32k!HMFreeObject+12b )
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

.
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
.
Built by: 6001.22269.amd64fre.vistasp1_ldr.080917-1612
Debug session time: Mon Nov 17 02:52:40.730 2008 (GMT-5)
System Uptime: 0 days 1:47:43.172
BugCheck A, {0, 2, 0, fffff80002712d20}
Probably caused by : ntkrnlmp.exe ( nt!KiPageFault+20b )
PROCESS_NAME:  System
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Built by: 6001.22269.amd64fre.vistasp1_ldr.080917-1612
Debug session time: Fri Nov 14 12:09:38.205 2008 (GMT-5)
System Uptime: 0 days 0:14:51.941
BugCheck D6, {fffff900cc177000, 0, fffff960000f4404, 0}
Probably caused by : win32k.sys ( win32k!NtUserfnINDEVICECHANGE+1c0 )
PROCESS_NAME:  nero.exe
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Built by: 6001.22269.amd64fre.vistasp1_ldr.080917-1612
Debug session time: Fri Nov 14 11:53:26.489 2008 (GMT-5)
System Uptime: 0 days 0:45:14.721
BugCheck D6, {fffff900cc0f5000, 0, fffff96000144404, 0}
Probably caused by : win32k.sys ( win32k!NtUserfnINDEVICECHANGE+1c0 )
PROCESS_NAME:  nero.exe
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Built by: 6001.22269.amd64fre.vistasp1_ldr.080917-1612
Debug session time: Fri Nov 14 08:59:35.941 2008 (GMT-5)
System Uptime: 0 days 11:07:31.498
BugCheck 3B, {c0000005, fffff960000863b2, fffffa600c34c5c0, 0}
Probably caused by : win32k.sys ( win32k!EXLATEOBJ::vAddToCache+d6 )
PROCESS_NAME:  GrabIt.exe
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Built by: 6001.22269.amd64fre.vistasp1_ldr.080917-1612
Debug session time: Thu Nov 13 21:50:09.812 2008 (GMT-5)
System Uptime: 0 days 6:52:32.941
BugCheck 24, {1904aa, fffffa60054e2b48, fffffa60054e2520, fffffa60012e5209}
Probably caused by : Ntfs.sys ( Ntfs!NtfsEncryptionCreateCallback+59 )
PROCESS_NAME:  googletalkplugi
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Built by: 6001.22269.amd64fre.vistasp1_ldr.080917-1612
Debug session time: Thu Nov 13 01:58:50.609 2008 (GMT-5)
System Uptime: 0 days 14:00:19.222
BugCheck 50, {fffffa600b6d8c50, 0, fffff800026ac00d, 0}
Probably caused by : win32k.sys ( win32k!HMFreeObject+12b )
PROCESS_NAME:  sidebar.exe
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
jcgriff2 is offline