Windows 7 Blue screen with ntoskrnl.exe

pmazoyer

Hello

I use Windows 7 64-bit. I have had a blue screen for 2 days, with the message below

On Sat 05/06/2010 11:21:40 your computer crashed
This was likely caused by the following module: ntoskrnl.exe
Bugcheck code: 0x50 (0xFFFFFA980145D3EB, 0x0, 0xFFFFF80002C9D4FF, 0x5)
Error: PAGE_FAULT_IN_NONPAGED_AREA
Dump file: C:\Windows\Minidump\060510-13962-01.dmp
file path: C:\Windows\system32\ntoskrnl.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NT Kernel & System
The crash took place in a standard Microsoft module. Your system configuration may be incorrect, possibly the culprit is in another driver on your system which cannot be identified at this time.




It happens at any time; the last time was when I was surfing the net. The PC starts OK and after a while... boom... blue screen. Sometimes it's after 10 minutes, sometimes after 1 hour of work, sometimes more!

Can you help, please?

Do I have to replace this file ntoskrnl.exe, which might be corrupted?

Where can I get a safe new file on the net?

thanks
pascal
 


Solution
Your Avira could definitely well be causing the 0x50 errors. I would uninstall that and then install MSE as a replacement.

Your Intel storage filter drivers are out of date and need updating. Please visit Intel's website and let it scan to find the latest drivers and install.

Code:
iaStorV  iaStorV.sys  Wed Apr 08 12:57:17 2009
Link Removed

These two things done should fix it for you. All your other drivers look well. If not, test memory as previously advised. Good luck.

This driver could be causing the crashes also:
Code:
GEARAspiWDM GEARAspiWDM.sys Mon May 18 08:17:04 2009

If you can't figure out the problem, then uninstall iTunes to test.

Bad news, it came back

I have been happy for 24 hours and suddenly 5 minutes ago...blue screen !!!

Avira was removed, iTunes also!

grrrr

I attached the dmp file

Do you see anything else ?

thanks for your help


On Tue 08/06/2010 17:41:00 your computer crashed
This was likely caused by the following module: ntoskrnl.exe
Bugcheck code: 0x50 (0xFFFFFA9808ED9128, 0x0, 0xFFFFF80002C99D99, 0x5)
Error: PAGE_FAULT_IN_NONPAGED_AREA
Dump file: C:\Windows\Minidump\060810-14040-01.dmp
file path: C:\Windows\system32\ntoskrnl.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NT Kernel & System
The crash took place in a standard Microsoft module. Your system configuration may be incorrect, possibly the culprit is in another driver on your system which cannot be identified at this time.
 


This does look like a memory problem to me, and although you said you had run memtest, what version was that, how long for, and did you swap the sticks around?

You could also try running with only one memory stick installed and see if the system stabilizes, as this could be one bad stick, voltage/timing problems, or a bad slot on the motherboard?

Be aware: do not void your warranty, as this could be a machine or component RMA?
 


The latest dump file is not a Driver Verifier enabled one, which if it had been, may have pinpointed the faulting driver.

Code:
Use !analyze -v to get detailed debugging information.

BugCheck 50, {fffffa9808ed9128, 0, fffff80002c99d99, 5}


Could not read faulting driver name
Probably caused by : memory_corruption ( nt!MiDeletePfnList+e9 )

Followup: MachineOwner

The Intel Matrix Storage driver was never updated:
Code:
iaStorV  iaStorV.sys  Wed Apr 08 12:57:17 2009
 


I stopped the installation, as the system is telling me that my current system is version 9.6.0.104 while your link allows me to download a pack version 8.9.0.1023

an older one....

Do you know why?
 


If I take into account the information published on the Intel download center site:

version 9.6.0.1014 corresponds to the latest version of Rapid Storage Technology while version 8.9.0.1023 corresponds to the latest version of Matrix Storage Manager!!

What is the difference between the 2?

Different names, but it looks like they do the same in the end!

In this case, do I have to reinstall Rapid Storage Technology v9.6.0.1014?




Link Removed due to 404 Error
Supports SATA RAID 5/10 on specific desktop platforms, SATA RAID 0/1, AHCI, and matrix RAID on specific desktop and mobile platforms
OS: Windows 7*, Windows 7, 32-bit*, Windows 7, 64-bit*, Windows Server 2003 Enterprise x64 Edition*, Windows Server 2003 Standard Edition*, Windows Server 2003 Standard x64 Edition*, Windows Server 2003*, Windows Server 2008*, Windows Vista 32*, Windows Vista 64*, Windows Vista*, Windows XP Home Edition*, Windows XP Media Center Edition*, Windows XP Professional x64 Edition*, Windows XP Professional*
Date: 3/23/2010
Version: 9.6.0.1014
Status: Latest
Type: Drivers

Intel(R) Matrix Storage Manager
Supports SATA RAID 5/10 on specific desktop platforms, SATA RAID 0/1, AHCI, and matrix RAID on specific desktop and mobile platforms
OS: Windows 7*, Windows 7, 32-bit*, Windows 7, 64-bit*, Windows Server 2003 Enterprise x64 Edition*, Windows Server 2003 Standard Edition*, Windows Server 2003 Standard x64 Edition*, Windows Server 2003*, Windows Server 2008*, Windows Vista 32*, Windows Vista 64*, Windows Vista*, Windows XP Home Edition*, Windows XP Media Center Edition*, Windows XP Professional x64 Edition*, Windows XP Professional*
Date: 7/17/2009
Version: 8.9.0.1023
Status: Previously released
Type: Drivers
 


New Blue screen

On Wed 09/06/2010 04:10:19 your computer crashed
This was likely caused by the following module: ntoskrnl.exe
Bugcheck code: 0x1A (0x41790, 0xFFFFFA8001CACEB0, 0xFFFF, 0x0)
Error: MEMORY_MANAGEMENT
Dump file: C:\Windows\Minidump\060910-13759-01.dmp
file path: C:\Windows\system32\ntoskrnl.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NT Kernel & System
The crash took place in a standard Microsoft module. Your system configuration may be incorrect, possibly the culprit is in another driver on your system which cannot be identified at this time.

same cause
ntoskrnl.exe

but different message : MEMORY MANAGEMENT

see file attached
 



It has something to do with a driver unloading a font from memory incorrectly, but we can not tell which because you haven't enabled Driver Verifier as previously suggested numerous times. From the dump:

Code:
FAILURE_BUCKET_ID:  X64_0x1a_41790_win32k!EngUnmapFontFileFD+8a

BUCKET_ID:  X64_0x1a_41790_win32k!EngUnmapFontFileFD+8a

Followup: MachineOwner

and

Code:
STACK_TEXT:  
fffff880`0a04b1d8 fffff800`02ef3ede : 00000000`0000001a 00000000`00041790 fffffa80`01caceb0 00000000`0000ffff : nt!KeBugCheckEx
fffff880`0a04b1e0 fffff800`02eb3cc9 : fffff880`00000000 00000000`01624fff fffff900`00000000 fffff900`c2eec000 : nt! ?? ::FNODOBFM::`string'+0x33946
fffff880`0a04b3a0 fffff800`0319a170 : fffffa80`0a141210 0007ffff`00000000 fffffa80`0ebfda90 fffffa80`0ebfda90 : nt!MiRemoveMappedView+0xd9
fffff880`0a04b4c0 fffff960`0008855e : fffff900`00000000 fffff900`c0d0f6e8 fffff900`00000001 fffff900`c296e2c0 : nt!MiUnmapViewOfSection+0x1b0
fffff880`0a04b580 fffff960`002aa79b : fffff900`c0d0f360 00000000`00000059 fffffa80`00000040 00000000`00000000 : win32k!EngUnmapFontFileFD+0x8a
fffff880`0a04b5e0 fffff960`00271ac6 : fffff960`002aa710 fffff880`0a04b700 fffff900`c0d0f680 00000000`0024ea04 : win32k!ttfdSemDestroyFont+0x8b
fffff880`0a04b610 fffff960`0026fcfa : fffffa80`0dbb6560 fffff880`0a04b710 fffff880`0a04b770 fffff880`0a04b970 : win32k!PDEVOBJ::DestroyFont+0xf2
fffff880`0a04b680 fffff960`00097ac7 : fffffa80`0dbb6560 fffff900`c296e2c0 fffff900`c008a010 00000000`7755950c : win32k!RFONTOBJ::vDeleteRFONT+0x4a
fffff880`0a04b6f0 fffff960`000974e7 : fffff900`c296e2c0 fffff880`0a04b790 fffff900`c296e2c0 fffff880`0a04b970 : win32k!RFONTOBJ::bMakeInactiveHelper+0x427
fffff880`0a04b770 fffff960`00098aac : fffff900`c09dc7f0 00000000`00000000 fffff880`0a04b970 fffff880`0a04b9c0 : win32k!RFONTOBJ::vMakeInactive+0xa3
fffff880`0a04b810 fffff960`0023e840 : 00000000`00000080 00000000`000cfd20 fffff880`00000000 fffff960`00000002 : win32k!RFONTOBJ::bInit+0x1ec
fffff880`0a04b930 fffff960`00217ab9 : 00000000`00000000 fffff960`000e68f4 00000000`7efdb001 fffff880`0a04bb50 : win32k!GreGetGlyphOutlineInternal+0xec
fffff880`0a04baf0 fffff800`02e7f853 : 00000000`130112b6 fffff960`001f0059 fffff880`00000080 00000000`00249f6c : win32k!NtGdiGetGlyphOutline+0x105
fffff880`0a04bbb0 00000000`73441daa : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`000ce188 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x73441daa

For now until you give us a Driver Verifier enabled dump, I'd open an elevated command prompt and run this command in it:

Code:
sfc /scannow

and I'd also download/install Malwarebytes and let it scan the system for malware.
 


I ran
sfc /scannow

and there was nothing wrong to report, but the result disappears quickly. Where can I find the log report on it?


I also downloaded Malwarebytes and it found nothing after a complete scan !

I guess I have to use driver verifier. The process seems a bit complex but I'll try
 


I did it

2) If still problems, enable Driver Verifier then post a crash dump with this going. Here's how:

Link Removed


What should I do now ?
 


Use the PC normally and wait for a crash to happen. Then upload the latest minidump file after rar or zip compressing it.
 


Report from

Malwarebytes' Anti-Malware 1.46
Malwarebytes

Version de la base de données: 4183

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

09/06/2010 18:09:05
mbam-log-2010-06-09 (18-09-05).txt

Type d'examen: Examen rapide
Elément(s) analysé(s): 127923
Temps écoulé: 3 minute(s), 58 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
 


I launched another one...a complete one this time and it found one malware that I have removed. It was not a virus but just in case... I removed it

Malwarebytes' Anti-Malware 1.46
Malwarebytes

Version de la base de données: 4183

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

09/06/2010 23:08:42
mbam-log-2010-06-09 (23-08-42).txt

Type d'examen: Examen complet (C:\|D:\|)
Elément(s) analysé(s): 276217
Temps écoulé: 1 heure(s), 28 minute(s), 49 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 1

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Users\pascal\Desktop\Photos_Vidéo\Photoshop_CS5\Ne_pas_Utiliser\Keygen\adobe_PS_CS5_keygen.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
 


OK, latest status

Yesterday, I ran memtest86+ 4.10

I started to have problems. All my sticks were red!

Then I removed all of them from the PC and installed them one by one... the PC did not want to restart!

Then I put all of them inside the PC and the PC decided to start again!!

Then I ran memtest 2 times and no problem was detected!

really bizarre...

I have also updated the Intel drivers (9.1.1.1025)

installation went ok

then I found on the net this one...

Intel Chipset Software Installation Utility 9.1.2.1007

I started to install it but the PC crashed/ stopped two times (dmp files attached).

Caused by Driver verifier ?

On Thu 10/06/2010 21:53:10 your computer crashed
This was likely caused by the following module: ntoskrnl.exe
Bugcheck code: 0xC4 (0x62, 0xFFFFFA80092E6F20, 0xFFFFFA80092E6C80, 0xC)
Error: DRIVER_VERIFIER_DETECTED_VIOLATION
Dump file: C:\Windows\Minidump\061010-18720-01.dmp
file path: C:\Windows\system32\ntoskrnl.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NT Kernel & System
The crash took place in a standard Microsoft module. Your system configuration may be incorrect, possibly the culprit is in another driver on your system which cannot be identified at this time.

On Thu 10/06/2010 21:49:14 your computer crashed
This was likely caused by the following module: ntoskrnl.exe
Bugcheck code: 0xC4 (0x62, 0xFFFFFA80092AC4E0, 0xFFFFFA80092AC240, 0xC)
Error: DRIVER_VERIFIER_DETECTED_VIOLATION
Dump file: C:\Windows\Minidump\061010-18486-01.dmp
file path: C:\Windows\system32\ntoskrnl.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NT Kernel & System
The crash took place in a standard Microsoft module. Your system configuration may be incorrect, possibly the culprit is in another driver on your system which cannot be identified at this time.


therefore I decided NOT to install it again

and PC seems to work fine now...

I attached latest dmp files

do you see anything special following the set up of "driver verifier"
 


Both of the Driver Verifier dumps point to your video card driver causing issues:

Code:
Microsoft (R) Windows Debugger Version 6.12.0002.633 X86
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [E:\Temp\Rar$DI00.646\061010-18720-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*C:\SymCache*http://msdl.microsoft.com/download/symbols
Executable search path is: 
Windows 7 Kernel Version 7600 MP (8 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 7600.16539.amd64fre.win7_gdr.100226-1909
Machine Name:
Kernel base = 0xfffff800`02e61000 PsLoadedModuleList = 0xfffff800`0309ee50
Debug session time: Thu Jun 10 17:52:14.604 2010 (UTC - 4:00)
System Uptime: 0 days 0:03:20.806
Loading Kernel Symbols
...............................................................
................................................................
..................
Loading User Symbols
Loading unloaded module list
......
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck C4, {62, fffffa80092e6f20, fffffa80092e6c80, c}

Unable to load image \SystemRoot\system32\DRIVERS\atikmpag.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for atikmpag.sys
*** ERROR: Module load completed but symbols could not be loaded for atikmpag.sys
*** WARNING: Unable to verify timestamp for atikmdag.sys
*** ERROR: Module load completed but symbols could not be loaded for atikmdag.sys
Probably caused by : atikmdag.sys

Followup: MachineOwner
---------

6: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

DRIVER_VERIFIER_DETECTED_VIOLATION (c4)
A device driver attempting to corrupt the system has been caught.  This is
because the driver was specified in the registry as being suspect (by the
administrator) and the kernel has enabled substantial checking of this driver.
If the driver attempts to corrupt the system, bugchecks 0xC4, 0xC1 and 0xA will
be among the most commonly seen crashes.
Arguments:
Arg1: 0000000000000062, A driver has forgotten to free its pool allocations prior to unloading.
Arg2: fffffa80092e6f20, name of the driver having the issue.
Arg3: fffffa80092e6c80, verifier internal structure with driver information.
Arg4: 000000000000000c, total # of (paged+nonpaged) allocations that weren't freed.
    Type !verifier 3 drivername.sys for info on the allocations
    that were leaked that caused the bugcheck.

Debugging Details:
------------------


BUGCHECK_STR:  0xc4_62

IMAGE_NAME:  atikmdag.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  4be0ccae

MODULE_NAME: atikmdag

FAULTING_MODULE: fffff88004a05000 atikmdag

VERIFIER_DRIVER_ENTRY: dt nt!_MI_VERIFIER_DRIVER_ENTRY fffffa80092e6c80
Symbol nt!_MI_VERIFIER_DRIVER_ENTRY not found.

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  VERIFIER_ENABLED_VISTA_MINIDUMP

PROCESS_NAME:  System

CURRENT_IRQL:  2

LAST_CONTROL_TRANSFER:  from fffff8000335b3dc to fffff80002ed1600

STACK_TEXT:  
fffff880`0355b2f8 fffff800`0335b3dc : 00000000`000000c4 00000000`00000062 fffffa80`092e6f20 fffffa80`092e6c80 : nt!KeBugCheckEx
fffff880`0355b300 fffff800`0336a7ea : 00000000`00000001 00000000`00000000 fffff880`04a05000 00000000`00000001 : nt!VerifierBugCheckIfAppropriate+0x3c
fffff880`0355b340 fffff800`02fca000 : 00000000`00000000 00000000`00000000 fffff880`032f9180 00000000`00000000 : nt!VfPoolCheckForLeaks+0x4a
fffff880`0355b380 fffff800`0328f57e : fffffa80`092e6d90 00000000`00000000 00000000`00000000 00000000`00000018 : nt!VfTargetDriversRemove+0x160
fffff880`0355b420 fffff800`032aa01c : 00000000`00000000 00000000`00000001 fffffa80`0000000d 00000000`00000000 : nt!VfDriverUnloadImage+0x2e
fffff880`0355b450 fffff800`032aa3cd : 00000000`00000000 fffffa80`092e6d90 00000000`00000000 00000000`00010200 : nt!MiUnloadSystemImage+0x1fc
fffff880`0355b4b0 fffff800`0334aae1 : 00000000`00000000 00000000`00000000 fffffa80`06d73b40 00000000`00000018 : nt!MmUnloadSystemImage+0x4d
fffff880`0355b4f0 fffff800`02ed67b4 : 00000000`00000000 00000000`00000000 fffffa80`06d73b40 fffffa80`092c0900 : nt!IopDeleteDriver+0x41
fffff880`0355b520 fffff800`02f4e5b7 : 00000000`00000000 fffffa80`092e6750 fffffa80`092e6990 fffff800`02f04200 : nt!ObfDereferenceObject+0xd4
fffff880`0355b580 fffff800`031e87b7 : fffffa80`092e7070 fffffa80`092e7070 00000000`00000001 fffffa80`06d738a0 : nt! ?? ::FNODOBFM::`string'+0x3e1fe
fffff880`0355b630 fffff800`02ed67b4 : fffff880`03fd5798 00000000`00000000 fffffa80`06d738a0 00000000`00000000 : nt!IopDeleteFile+0x1a7
fffff880`0355b6c0 fffff880`03fc19d1 : 00000000`00000000 fffff880`03fd5798 fffff880`03fd5310 00000000`00010246 : nt!ObfDereferenceObject+0xd4
fffff880`0355b720 00000000`00000000 : fffff880`03fd5798 fffff880`03fd5310 00000000`00010246 fffff880`007a0078 : atikmpag+0x1f9d1


STACK_COMMAND:  kb

FOLLOWUP_NAME:  MachineOwner

FAILURE_BUCKET_ID:  X64_0xc4_62_VRF_LEAKED_POOL_IMAGE_atikmdag.sys

BUCKET_ID:  X64_0xc4_62_VRF_LEAKED_POOL_IMAGE_atikmdag.sys

Followup: MachineOwner
---------

Code:
atikmpag atikmpag.sys Tue May 04 21:23:24 201

I would try installing the beta driver from here that I've been using very well for a week or so, as a replacement to see how it goes:

Link Removed due to 404 Error
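
The difference between the ordinary minidump and the Driver Verifier one in this thread can be checked mechanically. The following is an added example, not part of any post: it parses abridged copies of the two `!analyze -v` outputs quoted above and reports whether any module outside the Microsoft core images appears on the stack. The names `triage` and `CORE_MODULES`, and the choice of which images count as core, are assumptions of the example.

```python
import re

# Microsoft core images; a stack holding only these names no third-party driver.
# Assumption of this example: the set is illustrative, not exhaustive.
CORE_MODULES = {"nt", "hal", "win32k"}
FRAME = re.compile(r"^[0-9a-f]{8}`[0-9a-f]{8} [0-9a-f]{8}`[0-9a-f]{8} : (.+) : (.+)$")
MODULE = re.compile(r"^([A-Za-z_]\w*)[!+]")

# Abridged from the two debugger outputs quoted in the thread (frames omitted).
FONT_DUMP = r"""
FAILURE_BUCKET_ID:  X64_0x1a_41790_win32k!EngUnmapFontFileFD+8a
STACK_TEXT:
fffff880`0a04b1d8 fffff800`02ef3ede : 00000000`0000001a 00000000`00041790 fffffa80`01caceb0 00000000`0000ffff : nt!KeBugCheckEx
fffff880`0a04b4c0 fffff960`0008855e : fffff900`00000000 fffff900`c0d0f6e8 fffff900`00000001 fffff900`c296e2c0 : nt!MiUnmapViewOfSection+0x1b0
fffff880`0a04b580 fffff960`002aa79b : fffff900`c0d0f360 00000000`00000059 fffffa80`00000040 00000000`00000000 : win32k!EngUnmapFontFileFD+0x8a
fffff880`0a04baf0 fffff800`02e7f853 : 00000000`130112b6 fffff960`001f0059 fffff880`00000080 00000000`00249f6c : win32k!NtGdiGetGlyphOutline+0x105
00000000`000ce188 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x73441daa
"""
VERIFIER_DUMP = r"""
BugCheck C4, {62, fffffa80092e6f20, fffffa80092e6c80, c}
DEFAULT_BUCKET_ID:  VERIFIER_ENABLED_VISTA_MINIDUMP
STACK_TEXT:
fffff880`0355b2f8 fffff800`0335b3dc : 00000000`000000c4 00000000`00000062 fffffa80`092e6f20 fffffa80`092e6c80 : nt!KeBugCheckEx
fffff880`0355b340 fffff800`02fca000 : 00000000`00000000 00000000`00000000 fffff880`032f9180 00000000`00000000 : nt!VfPoolCheckForLeaks+0x4a
fffff880`0355b720 00000000`00000000 : fffff880`03fd5798 fffff880`03fd5310 00000000`00010246 fffff880`007a0078 : atikmpag+0x1f9d1
FAILURE_BUCKET_ID:  X64_0xc4_62_VRF_LEAKED_POOL_IMAGE_atikmdag.sys
"""

def triage(analyze_output):
    """Summarise '!analyze -v' text: bugcheck, verifier state, suspect module."""
    frames = []
    for line in analyze_output.splitlines():
        m = FRAME.match(line.strip())
        if m:
            frames.append((m.group(1).split(), m.group(2).strip()))
    head = re.search(r"BugCheck ([0-9A-Fa-f]+), \{([^}]*)\}", analyze_output)
    if head:
        code = int(head.group(1), 16)
        args = [int(a, 16) for a in head.group(2).split(",")]
    elif frames and frames[0][1] == "nt!KeBugCheckEx":
        # No summary line: the KeBugCheckEx frame shows the code and first three arguments.
        vals = [int(a.replace("`", ""), 16) for a in frames[0][0]]
        code, args = vals[0], vals[1:]
    else:
        code, args = None, []
    modules = []
    for _, symbol in frames:
        m = MODULE.match(symbol)  # raw return addresses such as 0x73441daa are skipped
        if m and m.group(1) not in modules:
            modules.append(m.group(1))
    third_party = [name for name in modules if name not in CORE_MODULES]
    bucket = re.search(r"^FAILURE_BUCKET_ID:\s*(\S+)", analyze_output, re.M)
    return {
        "code": code, "args": args, "modules": modules,
        "verifier": code == 0xC4 or "VERIFIER_ENABLED" in analyze_output,
        "suspect": third_party[0] if third_party else None,
        "bucket": bucket.group(1) if bucket else None,
    }

if __name__ == "__main__":
    for name, text in (("0x1A dump", FONT_DUMP), ("verifier dump", VERIFIER_DUMP)):
        print(name, triage(text))
```

For the 0x1A dump the stack contains only `nt` and `win32k`, so no suspect is reported; for the Driver Verifier dump the first non-core module on the stack is `atikmpag`.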
 

