Solved Having 100% disk usage & BSOD: kernel_data_inpage_error

roswell

New Member
Messages
5
Good day! This is my first time posting here.


Attached here are 3 minidumps that have produced just today. A quick view tells me that the error is kernel_data_inpage_error with a bug check code 0x0000007a. After some reading about this problem, I still can't find the cause of this error.


Anyway, I'm having consistent 100% disk usage even there is no I/O processes that is happening. A 0.1MB/s would utilize a significant amount of disk usage. And usually, without any I/O process, the disk usage would only be stuck at 100%.


The initial reading of the S. M. A. R. T test *through HDDScan* showed 567 sectors before doing a chkdsk /f /r (I did another chkdsk with /B option).

I have tried doing another S. M. A. R. T test again before posting this and showed the following result:


View attachment 43956


This has only been happening recently, I think after updating the BIOS. I haven't tried to downgrade then upgrade though. I checked the condition of my RAM, too, but there's no problem upon performing Memory Diagnostic Tool. I have also disabled Superfetch, nothing happens. I dunno what's really causing this problem though.


This is my laptop's specs:
Manufacturer: Samsung Electronics
CPU: Intel(R) Core(TM) i5-3210M CPU @ 2.50GHz
Motherboard: NP370R4E-S05PH
Memory: 4GB DDR3
Graphics Card(s): Intel(R) HD Graphics 4000, AMD Radeon™ HD 8750M Graphics with 2GB gDDR3 Graphic Memory (PowerExpress)
Hard Disk Model ID: ST1000LM024 HN-M101MBB
BIOS: American Megatrends Inc. P15RAN.208.140429.ZW

I hope you could help me out. Thanks a lot! :)
 

My Computer

System One

  • OS
    Windows 8
Hi Roswell and welcome to the forums ^_^

I have analyzed your dump files and all of the dump files are giving the same error that is the Kernel Inpage Data Error. For informational purposes the analysis of the most recent dump file is given below in the quotes :-
2: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************


KERNEL_DATA_INPAGE_ERROR (7a)
The requested page of kernel data could not be read in. Typically caused by
a bad block in the paging file or disk controller error. Also see
KERNEL_STACK_INPAGE_ERROR.
If the error status is 0xC000000E, 0xC000009C, 0xC000009D or 0xC0000185,
it means the disk subsystem has experienced a failure.
If the error status is 0xC000009A, then it means the request failed because
a filesystem failed to make forward progress.
Arguments:
Arg1: 0000000000000004, lock type that was held (value 1,2,3, or PTE address)
Arg2: 0000000000000000, error status (normally i/o status code)
Arg3: fffffa800f101170, current process (virtual address for lock type 3, or PTE)
Arg4: fffff90104f6d008, virtual address that could not be in-paged (or PTE contents if arg1 is a PTE address)


Debugging Details:
------------------




ERROR_CODE: (NTSTATUS) 0 - STATUS_SUCCESS


BUGCHECK_STR: 0x7a_0


CUSTOMER_CRASH_COUNT: 1


DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT


PROCESS_NAME: mmc.exe


CURRENT_IRQL: 0


ANALYSIS_VERSION: 6.3.9600.16384 (debuggers(dbg).130821-1623) amd64fre


TRAP_FRAME: fffff8801be7d3c0 -- (.trap 0xfffff8801be7d3c0)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=fffffa800d127ed0 rbx=0000000000000000 rcx=fffff90104f6d000
rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000
rip=fffff960002300f6 rsp=fffff8801be7d550 rbp=fffff8801be7d5b0
r8=fffffa800bd4d490 r9=0000000000000000 r10=fffff88002c65d60
r11=fffff8801be7d4f0 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei ng nz na po nc
win32k!MultiUserGreTrackRemoveEngResource+0x36:
fffff960`002300f6 48397908 cmp qword ptr [rcx+8],rdi ds:fffff901`04f6d008=fffffa800d1599b0
Resetting default scope


LAST_CONTROL_TRANSFER: from fffff801f0d1d06c to fffff801f0c62440


STACK_TEXT:
fffff880`1be7d0c8 fffff801`f0d1d06c : 00000000`0000007a 00000000`00000004 00000000`00000000 fffffa80`0f101170 : nt!KeBugCheckEx
fffff880`1be7d0d0 fffff801`f0cdebb7 : 00000000`00000002 fffff880`1be7d230 fffff880`07d68bf8 fffff880`1be7d220 : nt! ?? ::FNODOBFM::`string'+0x24cc6
fffff880`1be7d1b0 fffff801`f0c9cdef : fffffa80`04c946c0 fffff880`07d68bf8 00000000`c0033333 fffff901`010a1780 : nt!MiIssueHardFault+0x1b7
fffff880`1be7d280 fffff801`f0c5feee : 00000000`00000000 fffffa80`03a578b0 fffff901`010a1500 fffff880`1be7d3c0 : nt!MmAccessFault+0x81f
fffff880`1be7d3c0 fffff960`002300f6 : fffff880`1be7d610 fffffa80`0eb2bb50 fffff880`1be7d670 fffffa80`07aa4550 : nt!KiPageFault+0x16e
fffff880`1be7d550 fffff960`00223bc2 : fffffa80`07aa4550 00000000`00000001 fffff880`1be7d5b0 fffff880`6d657347 : win32k!MultiUserGreTrackRemoveEngResource+0x36
fffff880`1be7d580 fffff960`001a6ac7 : fffff901`000bc010 fffff901`028834c0 fffff901`0008a010 fffff880`1be7d968 : win32k!RFONTOBJ::vDeleteRFONT+0x246
fffff880`1be7d5f0 fffff960`0019a8f5 : fffff901`04abbca0 fffff880`1be7d968 fffff901`04abbca0 fffff880`1be7d968 : win32k!RFONTOBJ::bMakeInactiveHelper+0x43d
fffff880`1be7d670 fffff960`001dd035 : fffff880`1be7d850 00000000`ffffffff 00000000`00000000 fffff880`1be7d900 : win32k!RFONTOBJ::vMakeInactive+0x65
fffff880`1be7d710 fffff960`001d08da : 00000000`00000000 00000000`000016ec 00000000`ffffffff ffffffff`10018000 : win32k!RFONTOBJ::bInit+0x185
fffff880`1be7d8d0 fffff960`001b13f5 : fffff880`1be7d9c0 fffff880`1be7d9c8 00000000`00000001 fffff901`04bedca0 : win32k!GreGetGlyphIndicesW+0x5a
fffff880`1be7d950 fffff960`0017f5e6 : fffff880`1be7dad0 00000000`00000000 00000000`00000001 fffff960`001d5196 : win32k!NtGdiGetGlyphIndicesWInternal+0x11d
fffff880`1be7da50 fffff801`f0c61453 : fffff901`04dce010 00000000`00000000 00000000`00000000 fffff960`001cf476 : win32k!NtGdiGetGlyphIndicesW+0x16
fffff880`1be7da90 000007fd`a92932da : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`0078bf48 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x000007fd`a92932da




STACK_COMMAND: kb


FOLLOWUP_IP:
win32k!MultiUserGreTrackRemoveEngResource+36
fffff960`002300f6 48397908 cmp qword ptr [rcx+8],rdi


SYMBOL_STACK_INDEX: 5


SYMBOL_NAME: win32k!MultiUserGreTrackRemoveEngResource+36


FOLLOWUP_NAME: MachineOwner


MODULE_NAME: win32k


IMAGE_NAME: win32k.sys


DEBUG_FLR_IMAGE_TIMESTAMP: 52f5b3bd


IMAGE_VERSION: 6.2.9200.16817


BUCKET_ID_FUNC_OFFSET: 36


FAILURE_BUCKET_ID: 0x7a_0_win32k!MultiUserGreTrackRemoveEngResource


BUCKET_ID: 0x7a_0_win32k!MultiUserGreTrackRemoveEngResource


ANALYSIS_SOURCE: KM


FAILURE_ID_HASH_STRING: km:0x7a_0_win32k!multiusergretrackremoveengresource


FAILURE_ID_HASH: {4deb7891-af5b-262a-081f-56bf5447d3c0}


Followup: MachineOwner
---------
Please update your system as soon as possible using the Windows Update as most of your system components are outdated. Please note that it might take several visits to grab all of the updates.

Did you notice anything about what triggers the BSOD generally? Like doing a specific task of launching an application or like that?
Also, does the disk utilization stay the same even after some time (like maybe an hour or so)?

Could you please run Process Explorer found over here and post back the names of the services which do not have any company name or have a very odd name of the process itself?
Process Explorer

Furthermore, you should be able to see which process is taking and eating up the disk so much. In the meanwhile, I would suggest you to backup your data completely because there is some chance that a rootkit might be present on your system as the dump files are having that kind of pattern as the Windows function called in the stack i.e. GetGlyphIndices returned a Status_Success (0) which means the function executed successfully but something else caused the BSOD in which case we might need to format the system if there is a rootkit present.

It is just a theory, so please don't worry, will do my best to solve your problem ^_^
 

My Computer

System One

  • OS
    Windows 8.1 Industry Pro B-)
    Computer type
    Laptop
    System Manufacturer/Model
    Toshiba
    CPU
    Core I5 2430M @ 2.4GHz
    Memory
    8 GB DDR3 @ 1600MHz Dual Channel ^_^
    Graphics Card(s)
    Intel HD 3000 B-)
    Screen Resolution
    1366x768
    Hard Drives
    Toshiba 500 GB
    Browser
    Google Chrome
    Antivirus
    Windows Defender & Common Sense!
Sorry, I'm on mobile now T.T my laptop is having a hangup at this moment >.<
but to answer some of your questions:

"Did you notice anything about what triggers the BSOD generally? Like doing a specific task of launching an application or like that?
Also, does the disk utilization stay the same even after some time (like maybe an hour or so)?"

This 100% disk usage has been consistent since I posted this thread (around 5 hours haha T.T). My hard disk is noisier now, like it's working harder than the usual, and it's getting a 40 degrees Celscius reading. I first had a BSOD when I was installing Cygwin recently. After that, whenever I multitask (or even just reinstalling some packages in Cygwin with no other processes running), the usage would skyrocket and stay at 100%.

I just checked my list of updates, and ... it says I have completed all of my updates @.@

Um, I scanned my system using Avast Antivirus, but it says that there is no infection that occurred. It's actually my first time hearing/reading about rootkits. Is it harder to find compared to other viruses?

Anyway, I'll go back to my laptop to add some info and screenies about my processes.

*EDIT: I don't think there are no odd processes in my Process Explorer. Although some have "Path: [Error opening process]", I do think that this is solvable by running it as an administrator. Here's the screenies for my processes. (Sorry, I also don't know which process are dubious, as I only relied on a quick Google search for some info).

View attachment 43973
View attachment 43974
View attachment 43975

As for processes who eat too much disk resources, Google Chrome, System and Avast usually eat it up. But I always open many tabs in Chrome with more processes open before and disk usage stays low.
 
Last edited:

My Computer

System One

  • OS
    Windows 8
Hi roswell,

According to your screenies , there is 0% disk usage while you were running the Process Explorer as you can clearly see that the 4th graph below the menu bar gives the I/O activity which is 0% in all of your screenshots. Could you please try this solution and see if it works or not?

Understanding the Windows Pagefile and Why You Shouldn't Disable It

There is a section for increasing and setting up the Pagefile appropriately. So please try and setup according to that. Also, could you please post the screenshot of the task manager in descending order according to their disk usage?

Before we proceed further, please update the following drivers as well :-

Start End Module Name Date
fffff880`0118e000 fffff880`011fb000 ACPI ACPI.sys Thu Sep 20 11:39:16 2012 (505AB30C)
fffff880`0116c000 fffff880`01183000 acpiex acpiex.sys Thu Jul 26 07:55:57 2012 (5010AAB5)
fffff880`047b5000 fffff880`047cd000 AgileVpn AgileVpn.sys Thu Jul 26 07:53:11 2012 (5010AA0F)
fffff880`1b9f0000 fffff880`1b9fc000 asyncmac asyncmac.sys Thu Jul 26 07:58:25 2012 (5010AB49)
fffff880`0444e000 fffff880`0445f000 BasicDisplay BasicDisplay.sys Thu Jul 26 07:59:08 2012 (5010AB74)
fffff880`04191000 fffff880`0419e000 BasicRender BasicRender.sys Thu Jul 26 07:58:51 2012 (5010AB63)
fffff880`04e3f000 fffff880`04e4b000 BATTC BATTC.SYS Thu Oct 11 10:49:58 2012 (507656FE)
fffff880`04189000 fffff880`04191000 Beep Beep.SYS Thu Jul 26 08:00:19 2012 (5010ABBB)
fffff880`00d0d000 fffff880`00d17000 BOOTVID BOOTVID.dll Thu Jul 26 08:00:22 2012 (5010ABBE)
fffff880`1b55e000 fffff880`1b57e000 bowser bowser.sys Thu Jul 26 07:58:01 2012 (5010AB31)
fffff880`0469b000 fffff880`046f5000 cbfs3 cbfs3.sys Mon Aug 06 15:06:35 2012 (501F9023)
fffff960`008ca000 fffff960`00900000 cdd cdd.dll Thu Jul 26 10:19:37 2012 (5010CC61)
fffff880`00c79000 fffff880`00cd5000 CLFS CLFS.SYS Thu Jul 26 07:59:39 2012 (5010AB93)
fffff880`067f5000 fffff880`067fb400 CmBatt CmBatt.sys Thu Jul 26 07:59:20 2012 (5010AB80)
fffff880`04600000 fffff880`0460f000 CompositeBus CompositeBus.sys Thu Jul 26 07:58:03 2012 (5010AB33)
fffff880`083f3000 fffff880`08400000 condrv condrv.sys Thu Jul 26 08:00:08 2012 (5010ABB0)
fffff880`04000000 fffff880`04011000 discache discache.sys Thu Jul 26 07:58:23 2012 (5010AB47)
fffff880`082b1000 fffff880`082d3000 drmk drmk.sys Thu Oct 11 10:48:59 2012 (507656C3)
fffff880`08388000 fffff880`08395000 dump_diskdump dump_diskdump.sys Thu Jul 26 07:59:58 2012 (5010ABA6)
fffff880`08395000 fffff880`083a9000 dump_dumpfve dump_dumpfve.sys Thu Sep 20 11:39:30 2012 (505AB31A)
fffff880`03abc000 fffff880`03d86000 dump_iaStorA dump_iaStorA.sys Tue Jul 31 23:51:21 2012 (50182221)
fffff880`0176c000 fffff880`01786000 EhStorClass EhStorClass.sys Thu Jul 26 07:56:24 2012 (5010AAD0)
fffff880`0678a000 fffff880`067dc000 ETD ETD.sys Tue Oct 09 09:15:04 2012 (50739DC0)
fffff880`049a3000 fffff880`049da000 fastfat fastfat.SYS Thu Jul 26 08:00:23 2012 (5010ABBF)
fffff880`017e6000 fffff880`017fa000 fileinfo fileinfo.sys Thu Jul 26 07:58:02 2012 (5010AB32)
fffff880`01786000 fffff880`017e6000 fltmgr fltmgr.sys Thu Jul 26 08:00:09 2012 (5010ABB1)
fffff880`01a6f000 fffff880`01a79000 Fs_Rec Fs_Rec.sys Thu Jul 26 08:00:08 2012 (5010ABB0)
fffff801`f1354000 fffff801`f13c0000 hal hal.dll Wed Oct 24 08:33:21 2012 (50875A79)
fffff880`04e29000 fffff880`04e3f000 HDAudBus HDAudBus.sys Thu Sep 20 11:38:43 2012 (505AB2EB)
fffff880`04e00000 fffff880`04e13000 HECIx64 HECIx64.sys Tue Jul 03 03:44:58 2012 (4FF21D62)
fffff880`0675b000 fffff880`0677b000 i8042prt i8042prt.sys Thu Jul 26 07:58:50 2012 (5010AB62)
fffff880`04e4f000 fffff880`05364fa0 igdkmd64 igdkmd64.sys Thu Oct 18 00:42:29 2012 (507F031D)
fffff880`082d9000 fffff880`08331000 IntcDAud IntcDAud.sys Tue Jun 19 20:10:51 2012 (4FE08F73)
fffff880`06171000 fffff880`0618d000 intelppm intelppm.sys Tue Nov 06 09:25:02 2012 (50988A16)
fffff880`0544f000 fffff880`0545b000 iwdbus iwdbus.sys Tue Jul 24 01:49:17 2012 (500DB1C5)
fffff880`0677b000 fffff880`0678a000 kbdclass kbdclass.sys Thu Jul 26 07:58:47 2012 (5010AB5F)
fffff801`efca7000 fffff801`efcb0000 kd kd.dll Thu Jul 26 08:00:34 2012 (5010ABCA)
fffff880`0460f000 fffff880`0461a000 kdnic kdnic.sys Thu Jul 26 07:57:41 2012 (5010AB1D)
fffff880`082d3000 fffff880`082d8380 ksthunk ksthunk.sys Thu Jul 26 07:58:58 2012 (5010AB6A)
fffff880`07e22000 fffff880`07e36000 lltdio lltdio.sys Thu Jul 26 07:54:02 2012 (5010AA42)
fffff880`083b7000 fffff880`083df000 luafv luafv.sys Thu Jul 26 07:59:13 2012 (5010AB79)
fffff880`00c1a000 fffff880`00c79000 mcupdate_GenuineIntel mcupdate_GenuineIntel.dll Thu Jul 26 08:00:12 2012 (5010ABB4)
fffff880`083a9000 fffff880`083b7000 monitor monitor.sys Fri Mar 01 10:26:18 2013 (513034F2)
fffff880`067dc000 fffff880`067eb000 mouclass mouclass.sys Thu Jul 26 07:58:47 2012 (5010AB5F)
fffff880`013b2000 fffff880`013cc000 mountmgr mountmgr.sys Thu Jul 26 07:59:33 2012 (5010AB8D)
fffff880`1b400000 fffff880`1b44b000 mrxsmb10 mrxsmb10.sys Thu Jul 26 07:53:06 2012 (5010AA0A)
fffff880`045f3000 fffff880`045ff000 Msfs Msfs.SYS Thu Jul 26 08:00:24 2012 (5010ABC0)
fffff880`06145000 fffff880`0614e000 mshidkmdf mshidkmdf.sys Thu Jul 26 07:59:24 2012 (5010AB84)
fffff880`00c00000 fffff880`00c0a000 msisadrv msisadrv.sys Thu Jul 26 07:58:02 2012 (5010AB32)
fffff880`00d96000 fffff880`00df9000 msrpc msrpc.sys Thu Jul 26 07:58:37 2012 (5010AB55)
fffff880`041e8000 fffff880`041f4000 mssmbios mssmbios.sys Thu Jul 26 07:59:19 2012 (5010AB7F)
fffff880`01c54000 fffff880`01c6b000 mup mup.sys Thu Jul 26 08:00:00 2012 (5010ABA8)
fffff880`04734000 fffff880`04740000 ndistapi ndistapi.sys Thu Sep 20 11:39:19 2012 (505AB30F)
fffff880`083df000 fffff880`083f3000 ndisuio ndisuio.sys Thu Jul 26 07:56:21 2012 (5010AACD)
fffff880`04740000 fffff880`0476f000 ndiswan ndiswan.sys Thu Jul 26 07:53:13 2012 (5010AA11)
fffff880`1b44b000 fffff880`1b467000 Ndu Ndu.sys Thu Jul 26 07:53:41 2012 (5010AA2D)
fffff880`03f38000 fffff880`03f48000 netbios netbios.sys Thu Jul 26 07:58:19 2012 (5010AB43)
fffff880`03a31000 fffff880`03a89000 netbt netbt.sys Thu Jul 26 07:54:26 2012 (5010AA5A)
fffff880`01b74000 fffff880`01be3000 NETIO NETIO.SYS Thu Oct 11 10:46:20 2012 (50765624)
fffff880`045e1000 fffff880`045f3000 Npfs Npfs.SYS Thu Jul 26 08:00:26 2012 (5010ABC2)
fffff880`03e51000 fffff880`03e5d000 npsvctrig npsvctrig.sys Thu Jul 26 07:57:33 2012 (5010AB15)
fffff880`03e43000 fffff880`03e51000 nsiproxy nsiproxy.sys Thu Jul 26 07:55:00 2012 (5010AA7C)
fffff880`04180000 fffff880`04189000 Null Null.SYS Thu Jul 26 08:00:16 2012 (5010ABB8)
fffff880`07e36000 fffff880`07ea4000 nwifi nwifi.sys Thu Jul 26 07:55:11 2012 (5010AA87)
fffff880`03ef8000 fffff880`03f22000 pacer pacer.sys Thu Jul 26 07:53:05 2012 (5010AA09)
fffff880`01276000 fffff880`012b3000 pci pci.sys Thu Jul 26 07:57:43 2012 (5010AB1F)
fffff880`01a5e000 fffff880`01a6f000 pcw pcw.sys Thu Jul 26 07:58:44 2012 (5010AB5C)
fffff880`00cf8000 fffff880`00d0d000 PSHED PSHED.dll Thu Jul 26 10:23:53 2012 (5010CD61)
fffff880`01400000 fffff880`0140c1a0 PxHlpa64 PxHlpa64.sys Tue Apr 24 22:56:29 2012 (4F96E245)
fffff880`053f4000 fffff880`053ff000 RadioHIDMini RadioHIDMini.sys Fri Jul 27 17:27:08 2012 (50128214)
fffff880`061ae000 fffff880`061d3000 rasl2tp rasl2tp.sys Thu Jul 26 07:53:16 2012 (5010AA14)
fffff880`061d3000 fffff880`061ed000 raspppoe raspppoe.sys Thu Jul 26 07:54:55 2012 (5010AA77)
fffff880`0618d000 fffff880`061ae000 raspptp raspptp.sys Thu Jul 26 07:53:13 2012 (5010AA11)
fffff880`04797000 fffff880`047b5000 rassstp rassstp.sys Thu Jul 26 07:53:59 2012 (5010AA3F)
fffff880`03f48000 fffff880`03fbb000 rdbss rdbss.sys Sat May 04 10:17:00 2013 (518492C4)
fffff880`0545b000 fffff880`05466000 rdpbus rdpbus.sys Thu Jul 26 07:58:19 2012 (5010AB43)
fffff880`01fbe000 fffff880`01ff9000 rdyboost rdyboost.sys Thu Jul 26 07:58:34 2012 (5010AB52)
fffff880`06b27000 fffff880`06b3f000 rspndr rspndr.sys Thu Jul 26 07:54:06 2012 (5010AA46)
fffff880`06092000 fffff880`06145000 Rt630x64 Rt630x64.sys Fri Sep 07 13:51:17 2012 (5049AE7D)
fffff880`06a00000 fffff880`06a8d000 srv srv.sys Thu Jul 26 07:55:28 2012 (5010AA98)
fffff880`067fc000 fffff880`067fd480 swenum swenum.sys Thu Jul 26 07:58:53 2012 (5010AB65)
fffff880`1b9de000 fffff880`1b9f0000 tcpipreg tcpipreg.sys Thu Jul 26 07:53:13 2012 (5010AA11)
fffff880`041c0000 fffff880`041ce000 TDI TDI.SYS Thu Jul 26 07:57:59 2012 (5010AB2F)
fffff880`0419e000 fffff880`041c0000 tdx tdx.sys Thu Jul 26 07:54:58 2012 (5010AA7A)
fffff880`00cd5000 fffff880`00cf8000 tm tm.sys Thu Jul 26 07:59:01 2012 (5010AB6D)
fffff960`006d4000 fffff960`006dd000 TSDDD TSDDD.dll unavailable (00000000)
fffff880`047cd000 fffff880`047f9000 tunnel tunnel.sys Thu Jul 26 07:53:04 2012 (5010AA08)
fffff880`04645000 fffff880`04657000 umbus umbus.sys Thu Jul 26 07:57:39 2012 (5010AB1B)
fffff880`05493000 fffff880`054a4000 usb3Hub usb3Hub.sys Wed Sep 26 16:34:00 2012 (5062E120)
fffff880`012b3000 fffff880`012c0000 vdrvroot vdrvroot.sys Thu Jul 26 07:57:29 2012 (5010AB11)
fffff880`0133a000 fffff880`01352000 volmgr volmgr.sys Thu Jul 26 07:59:22 2012 (5010AB82)
fffff880`01352000 fffff880`013b2000 volmgrx volmgrx.sys Thu Jul 26 07:59:59 2012 (5010ABA7)
fffff880`0674e000 fffff880`0675b000 vwifibus vwifibus.sys Thu Jul 26 07:57:54 2012 (5010AB2A)
fffff880`03f22000 fffff880`03f38000 vwififlt vwififlt.sys Thu Jul 26 07:56:39 2012 (5010AADF)
fffff880`1b554000 fffff880`1b55e000 vwifimp vwifimp.sys Thu Jul 26 07:56:39 2012 (5010AADF)
fffff880`045d0000 fffff880`045e1000 watchdog watchdog.sys Thu Jul 26 07:59:05 2012 (5010AB71)
fffff880`067eb000 fffff880`067f5000 wmiacpi wmiacpi.sys Thu Jul 26 07:59:53 2012 (5010ABA1)
fffff880`01000000 fffff880`0100a000 WMILIB WMILIB.SYS Thu Jul 26 08:00:04 2012 (5010ABAC)
fffff880`01183000 fffff880`0118e000 WppRecorder WppRecorder.sys Thu Jul 26 07:59:07 2012 (5010AB73)
fffff880`046f5000 fffff880`04729000 XHCIPort XHCIPort.sys Wed Sep 26 16:34:01 2012 (5062E121)
Use the name of the drivers given to search the driver database ^_^. Most of them can be updated using the Windows Update but the few need to be downloaded separately.
You would find more information on the driver database over here :- Driver Reference Table (DRT)
It would provide you with the information on where to get the latest version of the driver.

I don't think that the Antivirus suites (Only) can detect the rootkits. If you just want to scratch the surface and how they work below are provided some of the most useful and informative links :-

Rootkit - Wikipedia, the free encyclopedia

How to discover hidden rootkits | News | TechRadar

Rootkit Debugging - SYSTEM_SERVICE_EXCEPTION (3b), KERNEL_DATA_INPAGE_ERROR (7a) - Sysnative Forums (Thanks Patrick!)

The last link has got two case studies as well and your case according to me is almost similar to the second case.

But, please just do not start the Anti Rootkit measures right now as we cannot be sure that it is a rootkit. Please perform the driver updates first. Also, please clean your system of the Avast and replace it with the Windows Defender / Microsoft Security Essentials.

Use this toolkit to clean the avast! installation :- avast! Uninstall Utility | Download aswClear for avast! Removal
 
Last edited:

My Computer

System One

  • OS
    Windows 8.1 Industry Pro B-)
    Computer type
    Laptop
    System Manufacturer/Model
    Toshiba
    CPU
    Core I5 2430M @ 2.4GHz
    Memory
    8 GB DDR3 @ 1600MHz Dual Channel ^_^
    Graphics Card(s)
    Intel HD 3000 B-)
    Screen Resolution
    1366x768
    Hard Drives
    Toshiba 500 GB
    Browser
    Google Chrome
    Antivirus
    Windows Defender & Common Sense!
Hi! Sorry for not getting back to you for a long time, I was busy at school. :(

I have upgraded my drivers, and as of the moment, it's not producing kernel_data_inpage_error but my laptop had another BSOD. (Minidumps are attached here). This has happened before I unistalled Avast, and I'm trying to reproduce the problem at the moment.

Along with its minidump, the latest BSOD produced a file called MEMORY.DMP I didn't upload it here because it's too large. But just tell me if you wanna see it, I'll upload it. :)

Here are the screenies btw:
View attachment 44162View attachment 44163View attachment 44164View attachment 44165

And here's my virtual page file settings:
View attachment 44167

Sorry, I haven't encountered this problem ever since I got this laptop a year ago, I'm pretty clueless as to what I should do. :(
 

My Computer

System One

  • OS
    Windows 8
Hi roswell,
No problem with school, myself also a student so I know :p


I am seeing the Avast Antivirus drivers loaded in the Dump files so please remove it using the Uninstall utility provided in the above post. The latest dump file dated 1st June 2014 blamed Avast Antivirus and it's presence in the stack caused the blue-screen. So please uninstall that.

In the remaining dump files, we have an Driver_Power_State_Failure with a bug check code of 9F which means that an IRP packet from the driver was not returned in a timely fashion. Below is provided the analysis for informative purposes :-
0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************


DRIVER_POWER_STATE_FAILURE (9f)
A driver has failed to complete a power IRP within a specific time.
Arguments:
Arg1: 0000000000000003, A device object has been blocking an Irp for too long a time
Arg2: fffffa80049dd5f0, Physical Device Object of the stack
Arg3: fffff800a4fd97f0, nt!TRIAGE_9F_POWER on Win7 and higher, otherwise the Functional Device Object of the stack
Arg4: fffffa8004cebaf0, The blocked IRP


Debugging Details:
------------------




DRVPOWERSTATE_SUBCODE: 3


IMAGE_NAME: UsbHub3.sys


DEBUG_FLR_IMAGE_TIMESTAMP: 524b4a81


MODULE_NAME: UsbHub3


FAULTING_MODULE: fffff88004b0b000 UsbHub3


CUSTOMER_CRASH_COUNT: 1


DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT


BUGCHECK_STR: 0x9F


PROCESS_NAME: System


CURRENT_IRQL: 2


ANALYSIS_VERSION: 6.3.9600.16384 (debuggers(dbg).130821-1623) amd64fre


DPC_STACK_BASE: FFFFF800A4FDFFB0


STACK_TEXT:
fffff800`a4fd97b8 fffff800`a6199752 : 00000000`0000009f 00000000`00000003 fffffa80`049dd5f0 fffff800`a4fd97f0 : nt!KeBugCheckEx
fffff800`a4fd97c0 fffff800`a6199785 : fffffa80`0d5c0410 fffffa80`04920370 fffff800`a4fd9939 fffff800`a612706c : nt!PopIrpWatchdogBugcheck+0xe2
fffff800`a4fd9820 fffff800`a608623a : fffffa80`04920370 fffff800`a4fd9939 00000000`00000001 00000000`00000000 : nt!PopIrpWatchdog+0x32
fffff800`a4fd9870 fffff800`a60846a5 : 00000000`00000000 fffff800`a6085d4f 00000000`00140001 fffff800`a62fede0 : nt!KiProcessExpiredTimerList+0x22a
fffff800`a4fd99a0 fffff800`a60866b8 : fffff800`a62fb180 fffff800`a62fdf80 00000000`00000003 00000000`0010a84b : nt!KiExpireTimerTable+0xa9
fffff800`a4fd9a40 fffff800`a6085a56 : fffffa80`00000000 00001fa0`002f0080 00000000`00000000 00000000`00000002 : nt!KiTimerExpiration+0xc8
fffff800`a4fd9af0 fffff800`a6086a0a : fffff800`a62fb180 fffff800`a62fb180 00000000`001a3db0 fffff800`a6355880 : nt!KiRetireDpcList+0x1f6
fffff800`a4fd9c60 00000000`00000000 : fffff800`a4fda000 fffff800`a4fd4000 00000000`00000000 00000000`00000000 : nt!KiIdleLoop+0x5a




STACK_COMMAND: kb


FOLLOWUP_NAME: MachineOwner


IMAGE_VERSION: 6.2.9200.16728


FAILURE_BUCKET_ID: 0x9F_3_POWER_DOWN_VBoxUSB_IMAGE_UsbHub3.sys

BUCKET_ID: 0x9F_3_POWER_DOWN_VBoxUSB_IMAGE_UsbHub3.sys


ANALYSIS_SOURCE: KM


FAILURE_ID_HASH_STRING: km:0x9f_3_power_down_vboxusb_image_usbhub3.sys


FAILURE_ID_HASH: {e7924855-0742-d21d-ff8d-073eef8978f6}


Followup: MachineOwner

If we perform a !irp on the 4th argument, we get the "VboxUSB.sys" as the blaming driver or it is conflicting with something. Could you please uninstall Virtual Box from your system and see if the BSODs continue or not. Also, please re run theWindows Updates to make sure that all of your system components are updated or not.
 

My Computer

System One

  • OS
    Windows 8.1 Industry Pro B-)
    Computer type
    Laptop
    System Manufacturer/Model
    Toshiba
    CPU
    Core I5 2430M @ 2.4GHz
    Memory
    8 GB DDR3 @ 1600MHz Dual Channel ^_^
    Graphics Card(s)
    Intel HD 3000 B-)
    Screen Resolution
    1366x768
    Hard Drives
    Toshiba 500 GB
    Browser
    Google Chrome
    Antivirus
    Windows Defender & Common Sense!
Hi! :)

Well, I had another BSOD just now, same with the thread title. T.T This time, I bought an SSD and tried to migrate my files in it. Suddenly, it crashed, along with my optimism. :|

I'm truly sorry for the bother. >.<

I've updated my drivers, uninstalled Avast, and other programs, too :(
 

My Computer

System One

  • OS
    Windows 8
Hi! :)

Well, I had another BSOD just now, same with the thread title. T.T This time, I bought an SSD and tried to migrate my files in it. Suddenly, it crashed, along with my optimism. :|

I'm truly sorry for the bother. >.<

I've updated my drivers, uninstalled Avast, and other programs, too :(
Hi roswell ^_^,

Sorry for late response as I was out of town <_<.

I have analyzed your latest dump file but I cannot make anything out of the stack, so could you please Driver Verifier according to this LINK. But before that, could you please run this tool over HERE & let me know the output? Also, please update the below drivers :-
Code:
**************************Tue Jun  3 20:31:30.398 2014 (UTC + 5:30)**************************
PxHlpa64.sys                Tue Apr 24 22:56:29 2012 (4F96E245)
HECIx64.sys                 Tue Jul  3 03:44:58 2012 (4FF21D62)
iwdbus.sys                  Tue Jul 24 01:49:17 2012 (500DB1C5)
RadioHIDMini.sys            Fri Jul 27 17:27:08 2012 (50128214)
cbfs3.sys                   Mon Aug  6 15:06:35 2012 (501F9023)
iaStorA.sys                 Sun Sep  2 06:31:24 2012 (5042AFE4)
dump_iaStorA.sys            Sun Sep  2 06:31:24 2012 (5042AFE4)
usb3Hub.sys                 Wed Sep 26 16:34:00 2012 (5062E120)
ETD.sys                     Tue Oct  9 09:15:04 2012 (50739DC0)
igdkmd64.sys                Thu Oct 18 00:42:29 2012 (507F031D)
intelppm.sys                Tue Nov  6 09:25:02 2012 (50988A16)
amdkmpfd.sys                Thu Feb 14 07:34:13 2013 (511C461D)
atikmpag.sys                Fri Mar  8 07:41:09 2013 (513948BD)
atikmdag.sys                Fri Mar  8 08:55:16 2013 (51395A1C)
Smb_driver_Intel.sys        Wed May  8 03:50:44 2013 (51897E3C)
AMPPAL.sys                  Tue May 21 20:42:37 2013 (519B8EE5)
IntcDAud.sys                Tue Jul  2 16:01:16 2013 (51D2ABF4)
NETwew00.sys                Fri Aug 23 02:50:34 2013 (521680A2)
eudskacs.sys                Wed Sep  4 08:44:03 2013 (5226A57B)
eubakup.sys                 Wed Sep  4 08:44:10 2013 (5226A582)
EUBKMON.sys                 Wed Sep  4 08:44:32 2013 (5226A598)
EuFdDisk.sys                Wed Sep  4 08:44:38 2013 (5226A59E)
Rt630x64.sys                Mon Sep  9 12:17:07 2013 (522D6EEB)
idmwfp.sys                  Wed Nov 27 19:54:10 2013 (5296008A)
VBoxNetAdp.sys              Wed Mar 26 23:28:02 2014 (5333152A)
VBoxNetFlt.sys              Wed Mar 26 23:28:02 2014 (5333152A)
VBoxUSBMon.sys              Wed Mar 26 23:28:02 2014 (5333152A)
VBoxDrv.sys                 Wed Mar 26 23:31:30 2014 (533315FA)
RTKVHD64.sys                Tue Apr  8 16:20:36 2014 (5343D47C)
http://www.carrona.org/drivers/driver.php?id=PxHlpa64.sys
http://www.carrona.org/drivers/driver.php?id=HECIx64.sys
http://www.carrona.org/drivers/driver.php?id=iwdbus.sys
RadioHIDMini.sys - this driver hasn't been added to the DRT as of this run. Please search Google/Bing for the driver if additional information is needed.
http://www.carrona.org/drivers/driver.php?id=cbfs3.sys
http://www.carrona.org/drivers/driver.php?id=iaStorA.sys
http://www.carrona.org/drivers/driver.php?id=dump_iaStorA.sys
http://www.carrona.org/drivers/driver.php?id=usb3Hub.sys
http://www.carrona.org/drivers/driver.php?id=ETD.sys
http://www.carrona.org/drivers/driver.php?id=igdkmd64.sys
http://www.carrona.org/drivers/driver.php?id=intelppm.sys
http://www.carrona.org/drivers/driver.php?id=amdkmpfd.sys
http://www.carrona.org/drivers/driver.php?id=atikmpag.sys
http://www.carrona.org/drivers/driver.php?id=atikmdag.sys
http://www.carrona.org/drivers/driver.php?id=Smb_driver_Intel.sys
http://www.carrona.org/drivers/driver.php?id=AMPPAL.sys
http://www.carrona.org/drivers/driver.php?id=IntcDAud.sys
http://www.carrona.org/drivers/driver.php?id=NETwew00.sys
http://www.carrona.org/drivers/driver.php?id=eudskacs.sys
http://www.carrona.org/drivers/driver.php?id=eubakup.sys
http://www.carrona.org/drivers/driver.php?id=EUBKMON.sys
http://www.carrona.org/drivers/driver.php?id=EuFdDisk.sys
http://www.carrona.org/drivers/driver.php?id=Rt630x64.sys
http://www.carrona.org/drivers/driver.php?id=idmwfp.sys
http://www.carrona.org/drivers/driver.php?id=VBoxNetAdp.sys
http://www.carrona.org/drivers/driver.php?id=VBoxNetFlt.sys
http://www.carrona.org/drivers/driver.php?id=VBoxUSBMon.sys
http://www.carrona.org/drivers/driver.php?id=VBoxDrv.sys
http://www.carrona.org/drivers/driver.php?id=RTKVHD64.sys
 

My Computer

System One

  • OS
    Windows 8.1 Industry Pro B-)
    Computer type
    Laptop
    System Manufacturer/Model
    Toshiba
    CPU
    Core I5 2430M @ 2.4GHz
    Memory
    8 GB DDR3 @ 1600MHz Dual Channel ^_^
    Graphics Card(s)
    Intel HD 3000 B-)
    Screen Resolution
    1366x768
    Hard Drives
    Toshiba 500 GB
    Browser
    Google Chrome
    Antivirus
    Windows Defender & Common Sense!
Sorry for not reply for a very long time. I opted to buy an SSD instead, because I needed my laptop as soon as possible.
Anyway, as of the moment, I am using my old HDD as an external HDD. It's functioning fine, too. Lagging here and there at some point though. I wanna use it again but I guess it's not this time.

I don't know if I should mark this as "solved", but Mr. blueelvis, thank you so much for helping me out. :D
 

My Computer

System One

  • OS
    Windows 8
Glad to see that the issue was resolved, in case of further issues, feel free to post back here ^_^
 

My Computer

System One

  • OS
    Windows 8.1 Industry Pro B-)
    Computer type
    Laptop
    System Manufacturer/Model
    Toshiba
    CPU
    Core I5 2430M @ 2.4GHz
    Memory
    8 GB DDR3 @ 1600MHz Dual Channel ^_^
    Graphics Card(s)
    Intel HD 3000 B-)
    Screen Resolution
    1366x768
    Hard Drives
    Toshiba 500 GB
    Browser
    Google Chrome
    Antivirus
    Windows Defender & Common Sense!
Back
Top