Computer (pc) crashing and locking up-Windows 7

M

Martens24

Member
Joined
Oct 16, 2013
Posts
7
Posted this on Geeks to Go a couple of weeks ago and couldn't seem to find an answer. Zep516 recommended I head over here and ask...

For the past month or so my computer has begun locking up and crashing periodically. Sometimes it will go all day with no problems. Some times it will randomly freeze up causing me to hard reset. Other times it will crash where the screen is quickly pixelated, goes to black, then a blue screen with a bunch of text where it says it's dumping my hard drive or something like that.

I'm running Windows 7. I've tried running a virus scan through McAfee and it shows up clean. Another odd problem which seemed to happen around the same time is that Chrome has started periodically crashing with a pop up that reads "Whoa! Google Chrome has crashed. Relaunch now?".

About a year or less I replaced the hard drive while the computer was still under warranty. I'm not extremely computer savvy so I definitely need some detailed direction. ANY help would be appreciated!

Thanks!!! :-)
 
Thanks for the response! For some reason, the perfmon.html file wouldn't upload. The only way I could get it to do so is if I zipped it as well. Hopefully it works. Here is the information you requested...
 

Attachments

Thanks for attaching the DMP's!

From the attached DMP files, we seem to have two consistent bug checks:

PAGE_FAULT_IN_NONPAGED_AREA (50)

This indicates that invalid system memory has been referenced.

Bug check 0x50 usually occurs after the installation of faulty hardware or in the event of failure of installed hardware (usually related to defective RAM, be it main memory, L2 RAM cache, or video RAM).

Another common cause is the installation of a faulty system service.

Antivirus software can also trigger this error, as can a corrupted NTFS volume.

IRQL_NOT_LESS_OR_EQUAL (a)

This indicates that Microsoft Windows or a kernel-mode driver accessed paged memory at DISPATCH_LEVEL or above.

This bug check is issued if paged memory (or invalid memory) is accessed when the IRQL is too high. The error that generates this bug check usually occurs after the installation of a faulty device driver, system service, or BIOS.

--------------------------

In an *a dump from Oct 12th, if we have a look at the call stack:

Code: 
2: kd> kv
Child-SP          RetAddr           : Args to Child                                                           : Call Site
fffff880`0805d668 fffff800`034be169 : 00000000`0000000a fffff804`034ddb30 00000000`0000000e 00000000`00000000 : nt!KeBugCheckEx
fffff880`0805d670 fffff800`034bcde0 : fffff880`00000000 fffff880`0805d848 fffff880`0805d830 00000000`00000003 : nt!KiBugCheckDispatch+0x69
fffff880`0805d7b0 fffff800`034ddaee : fffffa80`085bfbd0 00000000`00000330 fffff880`0805d978 00000000`000007ff : nt!KiPageFault+0x260 (TrapFrame @ fffff880`0805d7b0)
fffff880`0805d940 fffff800`034c8a9a : fffff980`0ed43000 fffff880`0805daa0 fffffa80`0507a000 00000000`00000f80 : nt!KiIpiProcessRequests+0x19e
fffff880`0805da20 fffff800`036fbcb8 : fffffa80`0506c949 fffffa80`0507a000 fffff800`036fc3ac fffff980`0ed42000 : nt!KiIpiInterrupt+0x12a (TrapFrame @ fffff880`0805da20)
fffff880`0805dbb8 fffff800`036fbe12 : fffff980`0ed4297a fffffa80`0506c948 fffff980`0ed43000 00000000`00000000 : nt!LZNT1FindMatchStandard+0x10c
fffff880`0805dbe0 fffff800`036fc0b1 : fffff800`036fbbb0 00000000`0eab0000 00000000`000000ff fffffa80`0506bfdf : nt!LZNT1CompressChunk+0xe2
fffff880`0805dc70 fffff800`036fc424 : fffff8a0`00000ffc 00000000`00000000 00000000`00000000 fffff880`0805e2e0 : nt!RtlCompressBufferLZNT1+0x7d
fffff880`0805dce0 fffff880`0125bdac : 00000000`00000000 fffff880`0126b5bc 00000000`0eac0000 00000000`00000000 : nt!RtlCompressBuffer+0x64
fffff880`0805dd30 fffff880`0125c452 : fffff880`0805e2e0 fffff8a0`05fb0c70 00000000`0eac0000 fffff880`0805df80 : Ntfs!NtfsPrepareCompressedWriteBuffer+0x100
fffff880`0805dde0 fffff880`01265e99 : fffff880`0805dfd8 fffffa80`06f43010 fffff880`0805df00 00000000`0eac0000 : Ntfs!NtfsPrepareComplexBuffers+0x1ce
fffff880`0805deb0 fffff880`0126501c : fffffa80`06f43010 fffffa80`066a1500 fffff880`0805dfd0 00000000`0eab0000 : Ntfs!NtfsPrepareBuffers+0x179
fffff880`0805df30 fffff880`012692a2 : fffff880`0805e2e0 fffffa80`06f43010 00000000`00000000 fffff8a0`05fb0c70 : Ntfs!NtfsNonCachedIo+0x1bc
fffff880`0805e100 fffff880`01269e73 : fffff880`0805e2e0 fffffa80`06f43010 fffff880`0805e400 00000000`00100000 : Ntfs!NtfsCommonWrite+0x2d91
fffff880`0805e2b0 fffff880`01039bcf : fffffa80`06f433b0 fffffa80`06f43010 fffffa80`048eb1b0 00000000`00000000 : Ntfs!NtfsFsdWrite+0x1c3
fffff880`0805e530 fffff880`010386df : fffffa80`06e01de0 00000000`00000000 fffffa80`06e01d00 fffffa80`06f43010 : fltmgr!FltpLegacyProcessingAfterPreCallbacksCompleted+0x24f
fffff880`0805e5c0 fffff880`0123d695 : fffffa80`06f43001 fffff800`03455c10 00000000`00000010 00000000`00000286 : fltmgr!FltpDispatch+0xcf
fffff880`0805e620 fffffa80`06f43001 : fffff800`03455c10 00000000`00000010 00000000`00000286 fffff880`0805e650 : [COLOR=#ff0000][U][I][B]MOBK+0x4695[/B][/I][/U][/COLOR]
fffff880`0805e628 fffff800`03455c10 : 00000000`00000010 00000000`00000286 fffff880`0805e650 00000000`00000018 : 0xfffffa80`06f43001
fffff880`0805e630 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!ExAcquireSpinLockShared+0x24

We can see a MOBK.sys (Change Monitor Filter driver) call before a few other NTFS related calls, and then the eventual bug check itself. With this said, I am going to recommend removing the Change Monitor software ASAP for troubleshooting purposes. If after removing it you're still crashing:

Remove and replace AVG with Microsoft Security Essentials for temporary troubleshooting purposes:

AVG removal tool - AVG | Download tools and utilities

MSE - Microsoft Security Essentials - Microsoft Windows

If after removing and replacing AVG as well you're still crashing, enable Driver Verifier to look for further device driver conflict and or corruption:

Driver Verifier:

What is Driver Verifier?

Driver Verifier is included in Windows 8, 7, Windows Server 2008 R2, Windows Vista, Windows Server 2008, Windows 2000, Windows XP, and Windows Server 2003 to promote stability and reliability; you can use this tool to troubleshoot driver issues. Windows kernel-mode components can cause system corruption or system failures as a result of an improperly written driver, such as an earlier version of a Windows Driver Model (WDM) driver.

Essentially, if there's a 3rd party driver believed to be at issue, enabling Driver Verifier will help flush out the rogue driver if it detects a violation.

Before enabling Driver Verifier, it is recommended to create a System Restore Point:

Vista - START | type rstrui - create a restore point
Windows 7 - START | type create | select "Create a Restore Point"
Windows 8 - Restore Point - Create in Windows 8

How to enable Driver Verifier:

Start > type "verifier" without the quotes > Select the following options -

1. Select - "Create custom settings (for code developers)"
2. Select - "Select individual settings from a full list"
3. Check the following boxes -
- Special Pool
- Pool Tracking
- Force IRQL Checking
- Deadlock Detection
- Security Checks (Windows 7 & 8)
- DDI compliance checking (Windows 8)
- Miscellaneous Checks
4. Select - "Select driver names from a list"
5. Click on the "Provider" tab. This will sort all of the drivers by the provider.
6. Check EVERY box that is NOT provided by Microsoft / Microsoft Corporation.
7. Click on Finish.
8. Restart.

Important information regarding Driver Verifier:

- If Driver Verifier finds a violation, the system will BSOD.

- After enabling Driver Verifier and restarting the system, depending on the culprit, if for example the driver is on start-up, you may not be able to get back into normal Windows because Driver Verifier will flag it, and as stated above, that will cause / force a BSOD.

If this happens, do not panic, do the following:

- Boot into Safe Mode by repeatedly tapping the F8 key during boot-up.

- Once in Safe Mode - Start > type "system restore" without the quotes.

- Choose the restore point you created earlier.
If you did not set up a restore point, do not worry, you can still disable Driver Verifier to get back into normal Windows:

- Start > Search > type "cmd" without the quotes.

- To turn off Driver Verifier, type in cmd "verifier /reset" without the quotes.
・ Restart and boot into normal Windows.

How long should I keep Driver Verifier enabled for?

It varies, many experts and analysts have different recommendations. Personally, I recommend keeping it enabled for at least 24 hours. If you don't BSOD by then, disable Driver Verifier.

My system BSOD'd, where can I find the crash dumps?

They will be located in %systemroot%\Minidump

Any other questions can most likely be answered by this article:
Using Driver Verifier to identify issues with Windows drivers for advanced users

Regards,

Patrick
 
Patrick – thanks for all this info.

It looks like your first recommendation is that I remove the change monitor software – forgive me, but what is that or more importantly, how do I remove it? :huh:

Secondly, the AVG software is a new change. Prior to this, I was running McAfee and it expired so I changed it up. The problems I’ve been experiencing were happening while I was running McAfee – not sure if this information is helpful.

Thanks,

Phillip
 
Hi Phillip,

Thanks for the info in regards to AVG. Keep it installed for now.

In regards to the driver I recommended removal of, the software is called 'Mozy Change Monitor' from Mozy, Inc. Do you have that listed anywhere in Control Panel > 'Uninstall a Program' list?

Regards,

Patrick
 
I don't see anything similar. Here are two screen shots of all the programs listed...
 

Attachments

  • Programs1.jpg
    Programs1.jpg
    274.9 KB · Views: 3
  • Programs2.jpg
    Programs2.jpg
    284.3 KB · Views: 2
Hm, okay, let's do this:

1. Windows 7 - START | type create | select "Create a Restore Point"

2. C:\Windows\System32\Drivers

find and rename MOBK.sys to MOBK.old and then restart.

It'll stop the driver from loading.

Regards,

Patrick
 
Sorry again for the confusion...When I select "create a restore point," I get a "System Properties" dialogue box. There is nowhere for me to select or type C:\Windows\System32\Drivers in order to rename the file.

I tried to find the file under "My Computer" by going to C:\Windows\System32\Drivers and it isn't listed there. :-/
 
No MOBK.sys listed in the Drivers folder, really? Interesting. Well, I'll wait for further crashes before I comment any further and or recommend anything else.

Regards,

Patrick
 
Thanks for the help - just in case, here are some of the drivers. You can see they're in alphabetical order and no MOBK listed...
 

Attachments

  • Drivers.jpg
    Drivers.jpg
    231.8 KB · Views: 3
Yeah, that's very strange. Not sure what could have happened to it. Did you uninstall any programs recently that it may have been a part of?

Regards,

Patrick
 
Ok, what steps did u tried so far? Did u used Windows Memory Diagnostic? If not, do it now. Check more diagnostic solutions as well.

1. Click Start, type "Windows Memory".
2. Press ENTER key to open it from the Search Results.
3. Click "Restart now and check for problems" button.
 
Last edited by a moderator:

Has Sysnative Forums helped you? Please consider donating to help us support the site!

Back
Top