Windows 7 BSOD are back and caused by ntkrnlmp.exe

Masood

New Member
Hi

I am getting BSODs because of that damn ntkrnlmp.exe. here is the dumps link <https://skydrive.live.com/redir?resid=EBEAB13E9C29DDAC!125>. Could anyone plz help me on how to resolve this ntkrnlmp.exe file. Thanks.

Masood.
 

Attachments

  • Minidump.zip
    53.2 KB · Views: 214
Not completely sure but it appears the storport.sys driver might be involved.

ATTEMPTED_EXECUTE_OF_NOEXECUTE_MEMORY (fc)
An attempt was made to execute non-executable memory.

It may be getting caught with something else, or I could be misreading the report. Are you running a RAID install?

I am not the expert here...more guidance should be coming.
 
Storport has been reported for several difficulties. It's listed as a problem in Microsoft. Not perhaps a true virus, but malicious, or like a hooligan.

I'd suggest you cut it out. It doesn't perform any necessary duties.
 
I have the same file on my system, but it is not running. I believe it is part of the Intel RAID driver and may be installed when you load an AHCI driver for your SATA.

Another process that was mentioned was NMIndexStoreSv.exe. From what I can find, it seems to be related to Nero. Do you have or did have Nero Installed?
 
Yes. i have Nero and I have managed to gain control of storport.sys from TrustedInstaller and renamed the file to 1.sys so it wouldnt be used. should i keep it for safekeeping or delete it? remove Nero too?

Here is the link that shows how to take control of the system files
http://www.youtube.com/watch?v=y9TOWxZGbJc

Thanks.
 
Last edited:
Since I have the file, I see not reason why you would need to remove it. A System File Check may even replace it, but not sure. But something is causing it to run, possibly Nero. If you had a hard drive setup as dynamic, it might start the driver, but again not sure. Are you using the Virtual drives in Nero?

And again, the dump files will catch processes that are not really connected to the actual problem. Nero could very well be involved, but you should be able to keep parts of it from starting, using msconfig.exe, to test.
 
Thanks Saltgrass. i will disable nero from msconfig and run the tests. Hopefully that will cure the BSODs. By the way how do you debug the dump files? I just open the dump in Windbg but it doesnt show which drivers causing the crash.
 
I am probably the wrong person to ask about such things, but your dump files were a little different from those I have seen before. It states in the explanation of the Bug Check code, FC, the guilty driver is on the stack trace. The stack, at the bottom of the insert, shows storport. Beyond that, I check the process involved and it pointed to Nero. The first dump file point to javaw.exe as being involved. But being involved does not mean responsible.

Anyway, hopefully it will help you track down the problem.

Code:
[SIZE=1]ATTEMPTED_EXECUTE_OF_NOEXECUTE_MEMORY (fc)
An attempt was made to execute non-executable memory.  The guilty driver
is on the stack trace (and is typically the current instruction pointer).
When possible, the guilty driver's name (Unicode string) is printed on
the bugcheck screen and saved in KiBugCheckDriver.
Arguments:
Arg1: fffff880010e383e, Virtual address for the attempted execute.
Arg2: 8000000003ba1963, PTE contents.
Arg3: fffff8800257d810, (reserved)
Arg4: 0000000000000002, (reserved)

Debugging Details:
------------------


CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

BUGCHECK_STR:  0xFC

PROCESS_NAME:  javaw.exe

CURRENT_IRQL:  0

TRAP_FRAME:  fffff8800257d810 -- (.trap 0xfffff8800257d810)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=fffffa800d160b01 rbx=0000000000000000 rcx=fffffa800d160b50
rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000
rip=fffff880010e383e rsp=fffff8800257d9a0 rbp=fffff8800257dc00
 r8=0000000000000000  r9=0000000000000727 r10=fffffa800d5a0030
r11=fffff8800257d701 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0         nv up ei pl zr na po nc
storport!RaDriverScsiIrp <PERF> (storport+0x83e):
fffff880`010e383e 0000            add     byte ptr [rax],al ds:d7a0:fffffa80`0d160b01=??
Resetting default scope

LAST_CONTROL_TRANSFER:  from fffff80002e75bb4 to fffff80002ecdfc0

STACK_TEXT:  
fffff880`0257d6a8 fffff800`02e75bb4 : 00000000`000000fc fffff880`010e383e 80000000`03ba1963 fffff880`0257d810 : nt!KeBugCheckEx
fffff880`0257d6b0 fffff800`02ecc0ee : 00000000`00000008 fffff880`010e383e 00000000`00000000 fffff880`0257da10 : nt! ?? ::FNODOBFM::`string'+0x44dbc
fffff880`0257d810 fffff880`010e383e : fffff880`0257da10 fffffa80`12471df8 00000000`00000000 00000000`11a1e900 : nt!KiPageFault+0x16e
fffff880`0257d9a0 fffff880`0257da10 : fffffa80`12471df8 00000000`00000000 00000000`11a1e900 fffffa80`0d498cf0 : [COLOR=#ff0000]storport[/COLOR]!RaDriverScsiIrp <PERF> (storport+0x83e)
fffff880`0257d9a8 fffffa80`12471df8 : 00000000`00000000 00000000`11a1e900 fffffa80`0d498cf0 fffffa80`12471df8 : 0xfffff880`0257da10
fffff880`0257d9b0 00000000`00000000 : 00000000`11a1e900 fffffa80`0d498cf0 fffffa80`12471df8 fffff880`0257db00 : 0xfffffa80`12471df8[/SIZE]
 
Here is the Echo.zip file that contains all the dumps and their details. I used usasma's method to create that zip. If you can look at it and reply back that would be appreciated. Thanks.

Masood.
 

Attachments

  • Echo.zip
    1.6 MB · Views: 1,342
It would point towards Storport. Microsoft has fixes for it, just Google it.
 
That's a part of the art for fixing these things - the dumps don't always tell you what's wrong!

Sorry for the delay in responding, but I was without power for 3 days due to Hurricane Sandy.

I'll be back this afternoon to have a look at the entire topic and will offer some advice then
 
Thanks so much John. It has not crashed yet...will restart again tonight and run 3dmark11 to test...will update tomorrow on this.
 
It has been a couple of days after installing the fix, so I think the problem is resolved now. Thanks much all of you for the help. Masood.
 
I'm glad to hear that it's fixed.
Thanks for letting us know!
 
Back
Top