Solved BSODs related to memory or drivers at startup

MercuryHunter

I've been experiencing a number of different blue screens of death recently that occur just around after starting up my computer. If it's been running fine for more than a couple hours, it can go for days, but getting into that state is a hassle filled with many preceding blue screens.

At first I thought there might be a problem with my RAM, but I ran memtest and it came out all clear. I can't see anything fishy under Device Manager, and I don't know what to do anymore.

Some of the blue screen messages:
Page Fault in Non Paged Area (aswVmm.sys)
Attempted Execute of NoExecute Memory
Driver Verifier Detected Violation
(there was one more I think, but can't remember, nor can I find it in my history - there was something with jraid.sys)

The zip file I had to create with my system dumps and whatnot is attached:
View attachment 61067

Thanks for any help!

Edit: Saw one other message I recognised: Driver IRQL not less or equal. Thank you.
 

My Computer

System One

  • OS
    Windows 8.1
Hi,
jraid.sys is a hard disk driver probably produced by Home, and your dumps mostly refer to this problem.
Your driver is from 2009, so it would be wise to check for a newer driver version on the ASUS website and update other drivers as well.

Also check the disk for errors:
Check your hard disk for errors

Please report results/troubles/dumps :)
 

My Computer

System One

  • OS
    Windows 8.1 Enterprise
Updates

Thank you! But still having problems.
Okay, I upgraded a bunch of drivers (including that JMicron driver) and my BIOS, and still had the attempted execute of noexecute memory BSOD a couple of times - but only close to the startup of the computer, either before I could give input, or after logging in, within a short while.


I have 3 HDDs: two 3TB SATA 3 6Gb/s drives, S and T, and my main 1TB HDD split into C (250GB) and R (750GB).


I then scanned those hard drives using Error Checking as recommended:
C: Drive - "Your drive was successfully scanned. Windows successfully scanned the drive. No errors were found."
R: Drive - "Your drive was successfully scanned. Windows successfully scanned the drive. No errors were found."
S: Drive - "Your drive was successfully scanned. Windows successfully scanned the drive. No errors were found."
T: Drive - "Your drive was successfully scanned. Windows successfully scanned the drive. No errors were found."


What else could the problem be?


Updated Dumps:
View attachment 61108
 

My Computer

System One

  • OS
    Windows 8.1
Hi,
Updating drivers has narrowed the "attack surface" down.
The last 5 out of 6 dumps are due to a page fault...


ATTEMPTED_EXECUTE_OF_NOEXECUTE_MEMORY
This indicates that an attempt was made to execute non-executable memory.
None of these dumps points directly to the guilty driver, which is marked in red below, just before the fault occurs:


Code:
4: kd> kv
Child-SP          RetAddr           : Args to Child                                                           : Call Site
ffffd000`afeacc28 fffff800`fb232ee8 : 00000000`000000fc ffffe000`274c5250 80000002`8cd5b963 ffffd000`afeace70 : nt!KeBugCheckEx
ffffd000`afeacc30 fffff800`fb283e4e : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt! ?? ::FNODOBFM::`string'+0x4cd28
ffffd000`afeacc70 fffff800`fb1f8a11 : ffffd000`af040180 ffffd000`afeacd00 ffffe000`262d2880 00000000`00000000 : nt!MiRaisedIrqlFault+0x152
ffffd000`afeaccb0 fffff800`fb1dff2f : 00000000`00000008 ffffd000`af040180 00000000`80000300 fffff800`bec00000 : nt! ?? ::FNODOBFM::`string'+0x12851
[COLOR=#0000cd]ffffd000`afeace70 ffffe000`274c5250 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 :[/COLOR] [COLOR=#0000cd]nt!KiPageFault+0x12f (TrapFrame @ ffffd000`afeace70)[/COLOR]
[COLOR=#ff0000]ffffd000`afead000 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0xffffe000`274c5250[/COLOR]

4: kd> !pte 800000028cd5b963
                                           VA 800000028cd5b963
PXE at FFFFF6FB7DBED000    PPE at FFFFF6FB7DA00050    PDE at FFFFF6FB4000A330    PTE at FFFFF68001466AD8
Unable to get PPE FFFFF6FB7DA00050
[COLOR=#ff8c00]WARNING: noncanonical VA, accesses will fault ![/COLOR]

[COLOR=#006400]// Note: VA stands for "Valid" and "Accessed" [/COLOR]



4: kd> .trap ffffd000`afeace70
[COLOR=#0000cd]NOTE: The trap frame does not contain all registers.[/COLOR]
[COLOR=#0000cd]Some register values may be zeroed or incorrect.[/COLOR]
rax=0000000000000000 rbx=0000000000000000 rcx=0000000000000004
rdx=0000000206f93000 rsi=0000000000000000 rdi=0000000000000000
rip=ffffe000274c5250 rsp=ffffd000afead000 rbp=0000000000000000
 r8=0000000000000000  r9=0000000000000004 r10=0000000000000000
r11=fffff800fb1e288f r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0         nv up di pl zr na pe nc
ffffe000`274c5250 0100            [COLOR=#ff0000]add     dword ptr [rax],eax ds:00000000`00000000=????????[/COLOR]



PAGE_FAULT_IN_NONPAGED_AREA
This indicates that invalid system memory has been referenced.
Hopefully this time the guilty driver has been caught:


Code:
10: kd> kv
Child-SP          RetAddr           : Args to Child                                                           : Call Site
ffffd001`8b71ba78 fffff803`377f805e : 00000000`00000050 ffffffff`ffffffff 00000000`00000001 ffffd001`8b71bce0 : nt!KeBugCheckEx
ffffd001`8b71ba80 fffff803`376cb839 : 00000000`00000001 ffffe001`a2e2a040 ffffd001`8b71bce0 00000000`00000000 : nt! ?? ::FNODOBFM::`string'+0x1ee9e
ffffd001`8b71bb20 fffff803`377d2f2f : 00000000`00000001 00000000`c0000001 00000000`00000000 00000000`00000000 : nt!MmAccessFault+0x769
[COLOR=#0000cd]ffffd001`8b71bce0 fffff800`d19ce71b : fffff800`d19c46a9 00000000`80000301 fffff800`d19ac000 ffffe001`a56e1480 : nt!KiPageFault+0x12f (TrapFrame @ ffffd001`8b71bce0)[/COLOR]
ffffd001`8b71be78 fffff800`d19c46a9 : 00000000`80000301 fffff800`d19ac000 ffffe001`a56e1480 ffffd001`8b71bf78 : [COLOR=#ff0000]aswVmm+0x2271b[/COLOR]
[COLOR=#ff0000]ffffd001`8b71be80 00000000`80000301 : fffff800`d19ac000 ffffe001`a56e1480 ffffd001`8b71bf78 ffffd001`8b71bf78 : aswVmm+0x186a9[/COLOR]
ffffd001`8b71be88 fffff800`d19ac000 : ffffe001`a56e1480 ffffd001`8b71bf78 ffffd001`8b71bf78 fffff800`d19bcdeb : 0x80000301
[COLOR=#ff0000]ffffd001`8b71be90 ffffe001`a56e1480 : ffffd001`8b71bf78 ffffd001`8b71bf78 fffff800`d19bcdeb ffffd001`8a72a180 : aswVmm[/COLOR]
ffffd001`8b71be98 ffffd001`8b71bf78 : ffffd001`8b71bf78 fffff800`d19bcdeb ffffd001`8a72a180 fffff803`377cbf33 : 0xffffe001`a56e1480
ffffd001`8b71bea0 ffffd001`8b71bf78 : fffff800`d19bcdeb ffffd001`8a72a180 fffff803`377cbf33 ffffe001`a56e1480 : 0xffffd001`8b71bf78
ffffd001`8b71bea8 fffff800`d19bcdeb : ffffd001`8a72a180 fffff803`377cbf33 ffffe001`a56e1480 00000000`00000003 : 0xffffd001`8b71bf78
[COLOR=#ff0000]ffffd001`8b71beb0 ffffd001`8a72a180 : fffff803`377cbf33 ffffe001`a56e1480 00000000`00000003 ffffd001`8b71bf58 : aswVmm+0x10deb[/COLOR]
ffffd001`8b71beb8 fffff803`377cbf33 : ffffe001`a56e1480 00000000`00000003 ffffd001`8b71bf58 00000000`00000000 : 0xffffd001`8a72a180
ffffd001`8b71bec0 ffffd001`8b71bff8 : 00000000`00000000 00000000`00000000 00000000`00000246 00000000`00000000 : nt!SwapContext_PatchLdtBypass+0x7
ffffd001`8b71bf00 00000000`00000000 : 00000000`00000000 00000000`00000246 00000000`00000000 ffffe001`a56f67a0 : 0xffffd001`8b71bff8


10: kd> .trap ffffd001`8b71bce0
[COLOR=#0000cd]NOTE: The trap frame does not contain all registers.[/COLOR]
[COLOR=#0000cd]Some register values may be zeroed or incorrect.[/COLOR]
rax=ffffffffffffffff rbx=0000000000000000 rcx=0000000000000001
rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000
rip=fffff800d19ce71b rsp=ffffd0018b71be78 rbp=ffffd0018a754b01
 r8=000000000000044f  r9=0101010101010101 r10=000000c34b792bf8
r11=0000000000000001 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0         nv up di pl nz ac pe nc
aswVmm+0x2271b:
fffff800`d19ce71b 488910          [COLOR=#ff0000]mov     qword ptr [rax],rdx ds:ffffffff`ffffffff=????????????????[/COLOR]



10: kd> lmvm aswVmm
start             end                 module name
fffff800`d19ac000 fffff800`d19f0000   aswVmm   T (no symbols)           
    Loaded symbol image file: aswVmm.sys
[COLOR=#ff0000]    Image path: \SystemRoot\System32\Drivers\aswVmm.sys[/COLOR]
[COLOR=#ff0000]    Image name: aswVmm.sys[/COLOR]
    Timestamp:        Fri Mar 20 12:57:07 2015 (550C0B13)
    CheckSum:         00047A9F
    ImageSize:        00044000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4



The above driver belongs to Avast! antivirus and is known to produce BSODs, therefore it deserves to be removed from the system, at least while we track this issue down.
During that time I would recommend using the built-in Windows Defender, which will auto-enable itself upon Avast removal.
Update Windows, which will in turn update Windows Defender.

Please note that conventional removal might not work in some cases, therefore the safest way is to use the Avast removal utility.

And of course share new results, try to reproduce BSOD :)
 

My Computer

System One

  • OS
    Windows 8.1 Enterprise
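
An added example, not part of any post in this thread: Microsoft documents bug check 0xFC's first parameter as the address whose execution was attempted and the second as the contents of its page table entry. Decoding the two values from the `nt!KeBugCheckEx` frame in the first stack with the architectural x64 PTE layout shows the no-execute bit set on that page, and why the second value is not a canonical virtual address. Function and struct names are illustrative.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* 4-level paging: bits 63..48 of a virtual address must all equal bit 47. */
static bool is_canonical(uint64_t va) {
    uint64_t top = va >> 47;                 /* bits 63..47 (17 bits) */
    return top == 0 || top == 0x1FFFF;
}

/* Architectural fields of a PTE mapping a 4 KB page. */
struct pte_fields {
    bool present, writable, user, accessed, dirty, global, no_execute;
    uint64_t pfn;                            /* physical frame, bits 51..12 */
};

static struct pte_fields decode_pte(uint64_t pte) {
    struct pte_fields f;
    f.present    = pte & (1ULL << 0);
    f.writable   = pte & (1ULL << 1);
    f.user       = pte & (1ULL << 2);
    f.accessed   = pte & (1ULL << 5);
    f.dirty      = pte & (1ULL << 6);
    f.global     = pte & (1ULL << 8);
    f.no_execute = pte & (1ULL << 63);       /* NX: instruction fetch faults */
    f.pfn        = (pte >> 12) & 0xFFFFFFFFFFULL;
    return f;
}

int main(void) {
    /* Values copied from the 0xFC bug check arguments shown in the thread. */
    const uint64_t exec_addr = 0xffffe000274c5250ULL;  /* arg 1, also rip */
    const uint64_t pte_value = 0x800000028cd5b963ULL;  /* arg 2 */
    struct pte_fields f = decode_pte(pte_value);

    printf("target %016llx canonical=%d\n",
           (unsigned long long)exec_addr, is_canonical(exec_addr));
    printf("arg2   %016llx canonical=%d\n",
           (unsigned long long)pte_value, is_canonical(pte_value));
    printf("P=%d RW=%d US=%d A=%d D=%d G=%d NX=%d PFN=0x%llx\n",
           f.present, f.writable, f.user, f.accessed, f.dirty, f.global,
           f.no_execute, (unsigned long long)f.pfn);
    /* A present, writable, kernel-only page with NX set is data, not code:
       jumping into it is what raises ATTEMPTED_EXECUTE_OF_NOEXECUTE_MEMORY. */
    return 0;
}
```

The decoded entry is a valid kernel data page, so the question for triage is which code transferred control into it; the stack shows only a raw address at that frame.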
Okay, so I uninstalled Avast (which seems to have been good for my computer - much faster startup time), and restarted a number of times, and have also left my computer idle for some periods of time, as previously caused these BSODs, but so far nothing. If it doesn't happen again within 4 or so days, I will take it as the issue has been solved (and mark the thread so as well).

Thank you for the help :)
 

My Computer

System One

  • OS
    Windows 8.1
Code:
4: kd> !pte 800000028cd5b963
                                           VA 800000028cd5b963
PXE at FFFFF6FB7DBED000    PPE at FFFFF6FB7DA00050    PDE at FFFFF6FB4000A330    PTE at FFFFF68001466AD8
Unable to get PPE FFFFF6FB7DA00050
[COLOR=#ff8c00]WARNING: noncanonical VA, accesses will fault ![/COLOR]

[COLOR=#006400]// Note: VA stands for "Valid" and "Accessed" [/COLOR]

No, VA stands for Virtual Address.
 

My Computer

System One

  • OS
    Windows 7
Okay, so it seems as if no further problems have come to light, leaving me to conclude that it was indeed Avast screwing everything up. Multiple restarts and idles and restarts have had no further bad effects.

Thank you for the help Addictive Gamer :D
 

My Computer

System One

  • OS
    Windows 8.1