BSOD are back and caused by ntkrnlmp.exe

Discussion in 'Windows 7 Blue Screen of Death (BSOD)' started by Masood, Oct 29, 2012.

  1. Masood

    Masood New Member

    Joined:
    Oct 29, 2012
    Messages:
    20
    Likes Received:
    0
    Hi

    I am getting BSODs because of that damn ntkrnlmp.exe. here is the dumps link <https://skydrive.live.com/redir?resid=EBEAB13E9C29DDAC!125>. Could anyone plz help me on how to resolve this ntkrnlmp.exe file. Thanks.

    Masood.
     

    Attached Files:

  2. Saltgrass

    Saltgrass Excellent Member
    Microsoft Community Contributor

    Joined:
    Oct 16, 2009
    Messages:
    15,157
    Likes Received:
    393
    Not completely sure but it appears the storport.sys driver might be involved.

    It may be getting caught with something else, or I could be misreading the report. Are you running a RAID install?

    I am not the expert here...more guidance should be coming.
     
  3. Pauli

    Pauli Extraordinary Member
    Premium Supporter

    Joined:
    Mar 1, 2012
    Messages:
    2,499
    Likes Received:
    211
    Storport has been reported for several difficulties. It's listed as a problem in Microsoft. Not perhaps a true virus, but malicious, or like a hooligan.

    I'd suggest you cut it out. It doesn't perform any necessary duties.
     
  4. Masood

    Masood New Member

    Joined:
    Oct 29, 2012
    Messages:
    20
    Likes Received:
    0
    Whats Storport? How do I check if it is installed and where? Thanks.
     
  5. Masood

    Masood New Member

    Joined:
    Oct 29, 2012
    Messages:
    20
    Likes Received:
    0
    No. I dont have RAID.
     
  6. Masood

    Masood New Member

    Joined:
    Oct 29, 2012
    Messages:
    20
    Likes Received:
    0
    I am trying to delete storport.sys but I dont have permission. How do I get myself permission?
     
  7. Saltgrass

    Saltgrass Excellent Member
    Microsoft Community Contributor

    Joined:
    Oct 16, 2009
    Messages:
    15,157
    Likes Received:
    393
    I have the same file on my system, but it is not running. I believe it is part of the Intel RAID driver and may be installed when you load an AHCI driver for your SATA.

    Another process that was mentioned was NMIndexStoreSv.exe. From what I can find, it seems to be related to Nero. Do you have or did have Nero Installed?
     
  8. Masood

    Masood New Member

    Joined:
    Oct 29, 2012
    Messages:
    20
    Likes Received:
    0
    Yes. i have Nero and I have managed to gain control of storport.sys from TrustedInstaller and renamed the file to 1.sys so it wouldnt be used. should i keep it for safekeeping or delete it? remove Nero too?

    Here is the link that shows how to take control of the system files
    http://www.youtube.com/watch?v=y9TOWxZGbJc

    Thanks.
     
    #8 Masood, Oct 30, 2012
    Last edited: Oct 30, 2012
  9. Saltgrass

    Saltgrass Excellent Member
    Microsoft Community Contributor

    Joined:
    Oct 16, 2009
    Messages:
    15,157
    Likes Received:
    393
    Since I have the file, I see not reason why you would need to remove it. A System File Check may even replace it, but not sure. But something is causing it to run, possibly Nero. If you had a hard drive setup as dynamic, it might start the driver, but again not sure. Are you using the Virtual drives in Nero?

    And again, the dump files will catch processes that are not really connected to the actual problem. Nero could very well be involved, but you should be able to keep parts of it from starting, using msconfig.exe, to test.
     
  10. Masood

    Masood New Member

    Joined:
    Oct 29, 2012
    Messages:
    20
    Likes Received:
    0
    Thanks Saltgrass. i will disable nero from msconfig and run the tests. Hopefully that will cure the BSODs. By the way how do you debug the dump files? I just open the dump in Windbg but it doesnt show which drivers causing the crash.
     
  11. Saltgrass

    Saltgrass Excellent Member
    Microsoft Community Contributor

    Joined:
    Oct 16, 2009
    Messages:
    15,157
    Likes Received:
    393
    I am probably the wrong person to ask about such things, but your dump files were a little different from those I have seen before. It states in the explanation of the Bug Check code, FC, the guilty driver is on the stack trace. The stack, at the bottom of the insert, shows storport. Beyond that, I check the process involved and it pointed to Nero. The first dump file point to javaw.exe as being involved. But being involved does not mean responsible.

    Anyway, hopefully it will help you track down the problem.

    Code:
    [SIZE=1]ATTEMPTED_EXECUTE_OF_NOEXECUTE_MEMORY (fc)
    An attempt was made to execute non-executable memory.  The guilty driver
    is on the stack trace (and is typically the current instruction pointer).
    When possible, the guilty driver's name (Unicode string) is printed on
    the bugcheck screen and saved in KiBugCheckDriver.
    Arguments:
    Arg1: fffff880010e383e, Virtual address for the attempted execute.
    Arg2: 8000000003ba1963, PTE contents.
    Arg3: fffff8800257d810, (reserved)
    Arg4: 0000000000000002, (reserved)
    
    Debugging Details:
    ------------------
    
    
    CUSTOMER_CRASH_COUNT:  1
    
    DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT
    
    BUGCHECK_STR:  0xFC
    
    PROCESS_NAME:  javaw.exe
    
    CURRENT_IRQL:  0
    
    TRAP_FRAME:  fffff8800257d810 -- (.trap 0xfffff8800257d810)
    NOTE: The trap frame does not contain all registers.
    Some register values may be zeroed or incorrect.
    rax=fffffa800d160b01 rbx=0000000000000000 rcx=fffffa800d160b50
    rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000
    rip=fffff880010e383e rsp=fffff8800257d9a0 rbp=fffff8800257dc00
     r8=0000000000000000  r9=0000000000000727 r10=fffffa800d5a0030
    r11=fffff8800257d701 r12=0000000000000000 r13=0000000000000000
    r14=0000000000000000 r15=0000000000000000
    iopl=0         nv up ei pl zr na po nc
    storport!RaDriverScsiIrp <PERF> (storport+0x83e):
    fffff880`010e383e 0000            add     byte ptr [rax],al ds:d7a0:fffffa80`0d160b01=??
    Resetting default scope
    
    LAST_CONTROL_TRANSFER:  from fffff80002e75bb4 to fffff80002ecdfc0
    
    STACK_TEXT:  
    fffff880`0257d6a8 fffff800`02e75bb4 : 00000000`000000fc fffff880`010e383e 80000000`03ba1963 fffff880`0257d810 : nt!KeBugCheckEx
    fffff880`0257d6b0 fffff800`02ecc0ee : 00000000`00000008 fffff880`010e383e 00000000`00000000 fffff880`0257da10 : nt! ?? ::FNODOBFM::`string'+0x44dbc
    fffff880`0257d810 fffff880`010e383e : fffff880`0257da10 fffffa80`12471df8 00000000`00000000 00000000`11a1e900 : nt!KiPageFault+0x16e
    fffff880`0257d9a0 fffff880`0257da10 : fffffa80`12471df8 00000000`00000000 00000000`11a1e900 fffffa80`0d498cf0 : [COLOR=#ff0000]storport[/COLOR]!RaDriverScsiIrp <PERF> (storport+0x83e)
    fffff880`0257d9a8 fffffa80`12471df8 : 00000000`00000000 00000000`11a1e900 fffffa80`0d498cf0 fffffa80`12471df8 : 0xfffff880`0257da10
    fffff880`0257d9b0 00000000`00000000 : 00000000`11a1e900 fffffa80`0d498cf0 fffffa80`12471df8 fffff880`0257db00 : 0xfffffa80`12471df8[/SIZE]
    
    
     
  12. Masood

    Masood New Member

    Joined:
    Oct 29, 2012
    Messages:
    20
    Likes Received:
    0
    Here is the Echo.zip file that contains all the dumps and their details. I used usasma's method to create that zip. If you can look at it and reply back that would be appreciated. Thanks.

    Masood.
     

    Attached Files:

  13. Pauli

    Pauli Extraordinary Member
    Premium Supporter

    Joined:
    Mar 1, 2012
    Messages:
    2,499
    Likes Received:
    211
    It would point towards Storport. Microsoft has fixes for it, just Google it.
     
  14. Masood

    Masood New Member

    Joined:
    Oct 29, 2012
    Messages:
    20
    Likes Received:
    0
    I have a hotfixes...now we ll wait and see if it works. Thanks. Titanic.
     
    #14 Masood, Nov 1, 2012
    Last edited: Nov 1, 2012
  15. usasma

    usasma Fantastic Member
    Microsoft Community Contributor

    Joined:
    Mar 22, 2010
    Messages:
    3,048
    Likes Received:
    83
    That's a part of the art for fixing these things - the dumps don't always tell you what's wrong!

    Sorry for the delay in responding, but I was without power for 3 days due to Hurricane Sandy.

    I'll be back this afternoon to have a look at the entire topic and will offer some advice then
     
  16. Masood

    Masood New Member

    Joined:
    Oct 29, 2012
    Messages:
    20
    Likes Received:
    0
    Thanks so much John. It has not crashed yet...will restart again tonight and run 3dmark11 to test...will update tomorrow on this.
     
  17. Masood

    Masood New Member

    Joined:
    Oct 29, 2012
    Messages:
    20
    Likes Received:
    0
    It has been a couple of days after installing the fix, so I think the problem is resolved now. Thanks much all of you for the help. Masood.
     
  18. usasma

    usasma Fantastic Member
    Microsoft Community Contributor

    Joined:
    Mar 22, 2010
    Messages:
    3,048
    Likes Received:
    83
    I'm glad to hear that it's fixed.
    Thanks for letting us know!
     

Share This Page

Loading...