Windows 7 Random Blue Screens Are Driving Me Insane!

Siben

New Member
I just installed Windows 7 shortly after Christmas and on Jan. 3rd I received my first bluescreen error.
I downloaded Debugging Tool for Windows (x64) and tried going through the DMP files but I don't know what to make of them.

I've only seen the system blue screen twice, the other 9 times it's blue screened when I have been afk and no one else has access to the system, it's just been sitting idle. One of the dmp files fingered AshServ.exe so I uninstalled Avast! to see if that would stop the problem, which it didn't.

It just seems totally random, the longest it's gone between BSOD's has been 7 days and I don't know what's been causing it. All of my drivers are up to date as well as all of my critical window's updates.

Here's a .rar of my Minidump folder:
Google Docs

And here's my dxdiag info:
DxDiag - Google Docs

Any information would be most appreciated.
 
Is there anything in the event viewer that might help lead to the problem. Maybe something is showing warnings or errors?

Have you found any way to provoke the blue screens? Is anything happening when it happens, like hard drive activity prior.
 
Siben:
Hello and welcome to the forums. This is the third time recently, I have looked through dmp files for members and they all have vague references to remnants of old antivirus products left over that may be conflicting with hardware drivers and resulting in blue screens. I will not even ask, how you uninstalled AVAST, because I don't want you to think that it may be completely uninstalled just go here, down load the utility and run it, if it doesn't find anything then no big deal. avast! Uninstall Utility Again, all of the major Antivirus manufacturers usually have their own such uninstallers and I would suggest that you download them and run them in the event that you have used any of those in the past and think that they are no longer on your system. I have uninstalled quite a few using the control panel programs and features uninstall procedure only to run the independent manufacturers uninstaller and watch it remove registry entries and files from the system 32 folder and elsewhere that where left over after the other uninstall had already run. So just because you can't see them, doesn't mean that they are completely gone.
 
I had a similar problem with random blue screens. A friend suggested to take some of my ram memory sticks as they might go bad. I had 4-1gig sticks, and took one out and it got better but I still got a blue screen once in a while. So I took out another stick and the am now down to 2 gigs ram and the computer has been bug free since, not one blue screen in over a month.
 
@Saltgrass: Both times I saw the computer blue screen with my own eyes I had Skype running, along with whatever processes run in the background, I don't believe anything processor intensive was running.

@Randy: Don't worry, I've got fairly thick skin and I didn't detect any brusqueness in your reply and I appreciate your directness. I will check Avast's site and use their uninstall utility and hopefully I'll have good news to report down the road. I'll keep monitoring the thread if anyone else has anything more they can add.

@djwayne: I have heard a lot of people having to do that so I downloaded and ran the WinDiag iso (Link Removed - Invalid URL) to thoroughly check the RAM and it returned no errors so I ruled out that possibility. Since I mostly use the PC for gaming I'm reluctant to reduce my current available RAM and I don't have the budget or feel the need to purchase more out-dated DDR2 sticks as I'm trying to save up for newer components.
 
Last edited:
Update!

Used the Avast! uninstall utility at 10pm EST, rebooted machine.

Machine blue screened at 1:04am EST.

Loaded up the DMP in winDbg:
Code:
Loading Dump File [C:\Windows\Minidump\012610-17046-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*C:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is: 
Windows 7 Kernel Version 7600 MP (2 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7600.16385.amd64fre.win7_rtm.090713-1255
Machine Name:
Kernel base = 0xfffff800`02860000 PsLoadedModuleList = 0xfffff800`02a9de50
Debug session time: Tue Jan 26 01:03:04.479 2010 (GMT-5)
System Uptime: 0 days 3:50:31.588
Loading Kernel Symbols
...............................................................
................................................................
.............
Loading User Symbols
Loading unloaded module list
.....
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 1A, {41284, fffff980109f5001, d51d, fffff780c0000000}

Probably caused by : ntkrnlmp.exe ( nt! ?? ::FNODOBFM::`string'+4ac3 )

Followup: MachineOwner
---------
did an !analyze -v. Here's the result:

Code:
1: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

MEMORY_MANAGEMENT (1a)
    # Any other values for parameter 1 must be individually examined.
Arguments:
Arg1: 0000000000041284, A PTE or the working set list is corrupt.
Arg2: fffff980109f5001
Arg3: 000000000000d51d
Arg4: fffff780c0000000

Debugging Details:
------------------


BUGCHECK_STR:  0x1a_41284

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

PROCESS_NAME:  firefox.exe

CURRENT_IRQL:  0

LAST_CONTROL_TRANSFER:  from fffff80002928a63 to fffff800028d1f00

STACK_TEXT:  
fffff880`087b7028 fffff800`02928a63 : 00000000`0000001a 00000000`00041284 fffff980`109f5001 00000000`0000d51d : nt!KeBugCheckEx
fffff880`087b7030 fffff800`02874137 : 00000000`0000d51d fffff880`087b72a8 fffffa80`022ac8e0 fffff880`087b7298 : nt! ?? ::FNODOBFM::`string'+0x4ac3
fffff880`087b7070 fffff800`02be5e35 : fffff980`109f5000 fffff8a0`0aca3660 00000000`00000000 00000000`00000000 : nt! ?? ::FNODOBFM::`string'+0x2bf08
fffff880`087b7350 fffff800`028ead47 : 00000000`01300000 fffffa80`02d052a0 00000000`00000000 00000000`01780000 : nt!CcUnmapVacb+0x5d
fffff880`087b7390 fffff800`028f6857 : 00000000`c0000001 fffff880`009e47f0 00000000`00000005 fffffa80`0407a010 : nt!CcUnmapVacbArray+0x1b7
fffff880`087b7420 fffff880`01252f5c : 00000000`00fbf000 00000000`00fbf000 fffff8a0`09e9b7b0 fffffa80`03f02180 : nt!CcSetFileSizesEx+0x2a7
fffff880`087b74a0 fffff880`012ca6a0 : 00000000`00000000 7fffffff`ffffffff 00000000`00000fbf fffff880`088cb700 : Ntfs!NtfsSetBothCacheSizes+0x50
fffff880`087b7500 fffff880`012b88dd : fffff880`088cb730 fffffa80`02c25f20 00000000`00000001 00000000`00000000 : Ntfs!NtfsDeleteAllocation+0x2cc
fffff880`087b75e0 fffff880`012c5212 : fffff880`088cb730 00000000`00000001 fffff980`085d6838 00000000`00000001 : Ntfs!NtfsDeleteAllocationFromRecord+0x16d
fffff880`087b76a0 fffff880`012dec0a : fffff880`088cb730 fffff8a0`09e9b680 fffff8a0`02a2fb10 fffff880`087b799c : Ntfs!NtfsDeleteFile+0x346
fffff880`087b7920 fffff880`0124caa9 : 00000000`00000000 00000000`00000000 fffff880`088cb690 fffffa80`02cb9b60 : Ntfs!NtfsCommonCleanup+0x15da
fffff880`087b7d30 fffff800`028c9d87 : fffff880`088cb690 00000000`00000000 00000000`7ef56000 00000000`0fcdfc80 : Ntfs!NtfsCommonCleanupCallout+0x19
fffff880`087b7d60 fffff800`028c9d41 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KySwitchKernelStackCallout+0x27
fffff880`088cb560 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSwitchKernelStackContinue


STACK_COMMAND:  kb

FOLLOWUP_IP: 
nt! ?? ::FNODOBFM::`string'+4ac3
fffff800`02928a63 cc              int     3

SYMBOL_STACK_INDEX:  1

SYMBOL_NAME:  nt! ?? ::FNODOBFM::`string'+4ac3

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: nt

IMAGE_NAME:  ntkrnlmp.exe

DEBUG_FLR_IMAGE_TIMESTAMP:  4a5bc600

FAILURE_BUCKET_ID:  X64_0x1a_41284_nt!_??_::FNODOBFM::_string_+4ac3

BUCKET_ID:  X64_0x1a_41284_nt!_??_::FNODOBFM::_string_+4ac3

Followup: MachineOwner
---------
I was running Skype and Firefox, watching a video on youtube.

I guess in the morning I'm going to bite the bullet and try pulling the RAM and replacing it with the original 1 gig I had bought for the machine 2 years ago that I still have sitting around.

If it blue screens again I'm just going to back up and wipe the drive and attempt a fresh install.
 
Sweet! New blue screen: Page fault in nonpaged area.

Code:
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 50, {fffffaae8373801b, 0, fffff800028a4d3b, 5}


Could not read faulting driver name
Probably caused by : memory_corruption ( nt!MiAgeWorkingSet+41b )

Followup: MachineOwner
---------

0: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

PAGE_FAULT_IN_NONPAGED_AREA (50)
Invalid system memory was referenced.  This cannot be protected by try-except,
it must be protected by a Probe.  Typically the address is just plain bad or it
is pointing at freed memory.
Arguments:
Arg1: fffffaae8373801b, memory referenced.
Arg2: 0000000000000000, value 0 = read operation, 1 = write operation.
Arg3: fffff800028a4d3b, If non-zero, the instruction address which referenced the bad memory
    address.
Arg4: 0000000000000005, (reserved)

Debugging Details:
------------------


Could not read faulting driver name

READ_ADDRESS: GetPointerFromAddress: unable to read from fffff80002ac70e0
 fffffaae8373801b 

FAULTING_IP: 
nt!MiAgeWorkingSet+41b
fffff800`028a4d3b 410fb65f1b      movzx   ebx,byte ptr [r15+1Bh]

MM_INTERNAL_CODE:  5

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

BUGCHECK_STR:  0x50

PROCESS_NAME:  System

CURRENT_IRQL:  0

TRAP_FRAME:  fffff880031167a0 -- (.trap 0xfffff880031167a0)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000058000000000 rbx=0000000000000000 rcx=fffff6fcc00b2680
rdx=0000000000000001 rsi=0000000000000000 rdi=0000000000000000
rip=fffff800028a4d3b rsp=fffff88003116930 rbp=007ffffcc00b2680
 r8=0000000000000001  r9=fffff80002a1be00 r10=0000000000000005
r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0         nv up ei pl zr na po nc
nt!MiAgeWorkingSet+0x41b:
fffff800`028a4d3b 410fb65f1b      movzx   ebx,byte ptr [r15+1Bh] ds:2788:00000000`0000001b=??
Resetting default scope

LAST_CONTROL_TRANSFER:  from fffff8000290eb91 to fffff80002890f00

STACK_TEXT:  
fffff880`03116638 fffff800`0290eb91 : 00000000`00000050 fffffaae`8373801b 00000000`00000000 fffff880`031167a0 : nt!KeBugCheckEx
fffff880`03116640 fffff800`0288efee : 00000000`00000000 f8a00f81`26800400 00000000`00000000 00000000`00000000 : nt! ?? ::FNODOBFM::`string'+0x40f5b
fffff880`031167a0 fffff800`028a4d3b : 00000000`003f1000 01400000`4a494921 00000000`00000000 00000000`00005814 : nt!KiPageFault+0x16e
fffff880`03116930 fffff800`02911a0e : fffff800`02a1be00 fffff880`00000001 00000000`00000001 fffff880`03116bb0 : nt!MiAgeWorkingSet+0x41b
fffff880`03116ae0 fffff800`028a56e2 : 00000000`000041f1 00000000`00000000 fffffa80`00000000 00000000`00000002 : nt! ?? ::FNODOBFM::`string'+0x49926
fffff880`03116b80 fffff800`028a596f : 00000000`00000008 fffff880`03116c10 00000000`00000001 fffffa80`00000000 : nt!MmWorkingSetManager+0x6e
fffff880`03116bd0 fffff800`02b34166 : fffffa80`027e9040 00000000`00000080 fffffa80`0275cb30 00000000`00000001 : nt!KeBalanceSetManager+0x1c3
fffff880`03116d40 fffff800`0286f486 : fffff800`02a09e80 fffffa80`027e9040 fffff800`02a17c40 00000000`00000000 : nt!PspSystemThreadStartup+0x5a
fffff880`03116d80 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KxStartSystemThread+0x16


STACK_COMMAND:  kb

FOLLOWUP_IP: 
nt!MiAgeWorkingSet+41b
fffff800`028a4d3b 410fb65f1b      movzx   ebx,byte ptr [r15+1Bh]

SYMBOL_STACK_INDEX:  3

SYMBOL_NAME:  nt!MiAgeWorkingSet+41b

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: nt

DEBUG_FLR_IMAGE_TIMESTAMP:  4a5bc600

IMAGE_NAME:  memory_corruption

FAILURE_BUCKET_ID:  X64_0x50_nt!MiAgeWorkingSet+41b

BUCKET_ID:  X64_0x50_nt!MiAgeWorkingSet+41b

Followup: MachineOwner
---------

So, I'm guessing that "Some register values may be zeroed or incorrect." means there's something wrong in the registry?
 
Nope, those are CPU registers, that interact with your memory. Google it. You need to check for heat issues, or try swapping in and out different memory, and or reseat everything, including the processor with some new heatsink thermal compound, blow out dust from everything including all heat sink areas and make sure fans are clear and functioning properly
 
Hrm, ok I'll try it. I cleaned all the dust out of the case last month but I'll do it again. CPU temp when I just rebooted was 39 deg. C
I also just checked windows update and saw there was a reliability update so I just installed that as well.
 
Back
Top