Jump to content

SYSTEM_SERVICE_EXCEPTION ntfs.sys


Recommended Posts

Please be advised that I am having some serious eye problems and may mistype things.  Please feel free to ask questions in case I've mistyped something.

Only 7 Windows Update hotfixes installed.  Most systems have more than this.  Please visit Windows Update and get ALL available Windows Updates.
The actual number is not important.  Rather it's important that you checked manually, installed any available updates, and didn't experience any errors when checking or updating.

Your UEFI/BIOS (version 1603) dates from 2014.  Please check at the manufacturer's website to see if there are any UEFI/BIOS updates available for your system.  If you are able to install the update through Windows (without booting from an external drive), then go ahead and update it.  WARNING - if the computer might shut down during this procedure, please don't do it, as this may physically damage the computer and prevent it from booting.
FYI - W8 and W10 communicate more with the UEFI/BIOS than previous versions of Windows, so it's important to ensure that the UEFI/BIOS is kept up to date (and the outdated UEFI/BIOS' may be the cause of some compatibility issues).

ItFrom a lone BSOD it's often difficult to tell what caused it.  From your post, the blame was laid on ntfs.sys - a Windows driver that controls the file system on your hard drive(s).
As such, there's several things to start with:
- run chkdsk /f /r from an elevated Command Prompt/PowerShell
- test your hard drives with the manufacturer's diagnostics.  Unfortunaelely, SSD's don't usually have decent testing utilities.  Use the Western Digital DataLifeguard tools for the My Passport that's connected.You also may want to run MemTest (as the BSOD has some signs that may be RAM related):  http://www.carrona.org/memdiag.html

Beyond that, I'd suggest running Driver Verifier according to these instructions:  http://www.carrona.org/verifier.html
Let the system crash at least 3 times (so we'll have several data points to work with).

 

APlease update these older drivers.  Links are provided in order to assist you with looking up the source of the drivers.  
If unable to find an update, please uninstall the program that is responsible for that driver.  

DO NOT manually delete/rename the driver as it may make the system unbootable!!!:

pwdrvio.sys                                   Mon Jun 15 21:43:45 2009 (4A36F8D1)
MiniTool Partition Wizard http://www.partitionwizard.com/free-partition-manager.html
http://www.carrona.org/drivers/driver.php?id=pwdrvio.sys
 
intelppm.sys                                  Wed Feb  8 18:16:35 2012 (4F330253)
Intel Processor driver http://downloadcenter.intel.com/Default.aspx also at  
http://www.carrona.org/drivers/driver.php?id=intelppm.sys
 
AsIO.sys                                      Wed Aug 22 05:54:47 2012 (5034AC67)
Asus PCProbe Utility http://support.asus.com/download/download.aspx
http://www.carrona.org/drivers/driver.php?id=AsIO.sys
 
bcbtums.sys                                   Mon Mar 23 17:31:26 2015 (5510862E)
Broadcom Bluetooth Firmware Download Filter driver from Broadcom Corporation. http://www.broadcom.com/support/bluetooth/[br][br]http://www.official-drivers.com/installer/?seed=Broadcom&gclid=CJT7vOGkgbECFQFx4AodfBURcg
http://www.carrona.org/drivers/driver.php?id=bcbtums.sys
 
lgcoretemp.sys                                Tue Jun  9 12:52:10 2015 (557719BA)
Logitech Gaming Software driver http://support.logitech.com/en_gb/software/lgs
http://www.carrona.org/drivers/driver.php?id=lgcoretemp.sys
 
Please uninstall this one:
wdcsam64.sys                                  Fri Oct  9 16:31:13 2015 (56182411)
Western Digital SCSI Arcitecture Model (SAM) WDM driver  [br]  2008 driver version has known BSOD issues in Windows http://support.wdc.com/product/download.asp or[br]SES driver update:  http://wdc.custhelp.com/app/answers/detail/search/1/a_id/5419#
http://www.carrona.org/drivers/driver.php?id=wdcsam64.sys
 

Analysis details in next post...............................

 

Link to post
Share on other sites

Analysis:
The following is for information purposes only.
The following information contains the relevant information from the blue screen analysis:
**************************Mon Mar  4 15:21:54.443 2019 (UTC - 5:00)**************************
Loading Dump File [C:\Users\john\SysnativeBSODApps\030419-10140-01.dmp]
Windows 10 Kernel Version 17763 MP (8 procs) Free x64
Built by: 17763.1.amd64fre.rs5_release.180914-1434
System Uptime:0 days 22:57:34.166
*** WARNING: Unable to verify timestamp for win32k.sys
*** ERROR: Module load completed but symbols could not be loaded for win32k.sys
Probably caused by :memory_corruption
BugCheck 3B, {c0000094, fffff809272f39c0, fffff1089bb0eee0, 0}
BugCheck Info: SYSTEM_SERVICE_EXCEPTION (3b)
Arguments:
Arg1: 00000000c0000094, Exception code that caused the bugcheck
Arg2: fffff809272f39c0, Address of the instruction which caused the bugcheck
Arg3: fffff1089bb0eee0, Address of the context record for the exception that caused the bugcheck
Arg4: 0000000000000000, zero.
BUGCHECK_STR:  0x3B
DEFAULT_BUCKET_ID:  CODE_CORRUPTION
PROCESS_NAME:  svchost.exe
FAILURE_BUCKET_ID: MEMORY_CORRUPTION_LARGE
CPUID:        "Intel(R) Core(TM) i7-4770K CPU @ 3.50GHz"
MaxSpeed:     3500
CurrentSpeed: 3500
  BIOS Version                  1603
  BIOS Release Date             08/15/2014
  Manufacturer                  ASUS
  Baseboard Manufacturer        ASUSTeK COMPUTER INC.
  Product Name                  All Series
  Baseboard Product             MAXIMUS VI HERO
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨``
 


3rd Party Drivers:
The following is for information purposes only.
My recommendations were given above. The drivers that follow belong to software or devices that were not developed by Microsoft.  You can find links to the driver information and where to update the drivers in the section after the code box:
**************************Mon Mar  4 15:21:54.443 2019 (UTC - 5:00)**************************
pwdrvio.sys                                   Mon Jun 15 21:43:45 2009 (4A36F8D1)
intelppm.sys                                  Wed Feb  8 18:16:35 2012 (4F330253)
AsIO.sys                                      Wed Aug 22 05:54:47 2012 (5034AC67)
bcbtums.sys                                   Mon Mar 23 17:31:26 2015 (5510862E)
lgcoretemp.sys                                Tue Jun  9 12:52:10 2015 (557719BA)
wdcsam64.sys                                  Fri Oct  9 16:31:13 2015 (56182411)
RET55a64.sys                                  Tue Nov 17 23:58:12 2015 (564C0564)
e1i63x64.sys                                  Fri Mar  4 16:46:29 2016 (56DA0235)
LGVirHid.sys                                  Mon Jun 13 14:47:03 2016 (575EFFA7)
LGJoyXlCore.sys                               Mon Jun 13 14:47:06 2016 (575EFFAA)
LGBusEnum.sys                                 Mon Jun 13 14:47:08 2016 (575EFFAC)
TeeDriverW8x64.sys                            Tue Oct  3 02:21:38 2017 (59D32C72)
SamsungRapidDiskFltr.sys                      Thu Nov  9 08:00:55 2017 (5A045187)
SamsungRapidFSFltr.sys                        Thu Nov  9 08:00:58 2017 (5A04518A)
nvvad64v.sys                                  Wed Aug 22 05:44:24 2018 (5B7D3078)
MbamChameleon.sys                             Thu Nov 15 13:11:24 2018 (5BEDB6CC)
mbae64.sys                                    Tue Nov 20 07:32:14 2018 (5BF3FECE)
mbamswissarmy.sys                             Tue Jan  8 18:46:09 2019 (5C353641)
farflt.sys                                    Wed Jan  9 11:44:11 2019 (5C3624DB)
nvhda64v.sys                                  Wed Jan 16 01:44:16 2019 (5C3ED2C0)
mbam.sys                                      Fri Jan 25 09:57:52 2019 (5C4B23F0)
mwac.sys                                      Fri Jan 25 17:54:27 2019 (5C4B93A3)
nvlddmkm.sys                                  Wed Jan 30 15:05:19 2019 (5C52037F)
afunix.sys                                    ***** Invalid 1975 Invalid 1975 Invalid
SgrmAgent.sys                                 ***** Invalid 2017 Invalid 2017 Invalid
winquic.sys                                   ***** Invalid 2013 Invalid 2013 Invalid
xusb22.sys                                    ***** Invalid 2025 Invalid 2025 Invalid
 


http://www.carrona.org/drivers/driver.php?id=pwdrvio.sys
http://www.carrona.org/drivers/driver.php?id=intelppm.sys
http://www.carrona.org/drivers/driver.php?id=AsIO.sys
http://www.carrona.org/drivers/driver.php?id=bcbtums.sys
http://www.carrona.org/drivers/driver.php?id=lgcoretemp.sys
http://www.carrona.org/drivers/driver.php?id=wdcsam64.sys
RET55a64.sys - this driver hasn't been added to the DRT as of this run. Please search Google/Bing for the driver if additional information is needed.
http://www.carrona.org/drivers/driver.php?id=e1i63x64.sys
http://www.carrona.org/drivers/driver.php?id=LGVirHid.sys
http://www.carrona.org/drivers/driver.php?id=LGJoyXlCore.sys
http://www.carrona.org/drivers/driver.php?id=LGBusEnum.sys
http://www.carrona.org/drivers/driver.php?id=TeeDriverW8x64.sys
http://www.carrona.org/drivers/driver.php?id=SamsungRapidDiskFltr.sys
http://www.carrona.org/drivers/driver.php?id=SamsungRapidFSFltr.sys
http://www.carrona.org/drivers/driver.php?id=nvvad64v.sys
http://www.carrona.org/drivers/driver.php?id=MbamChameleon.sys
http://www.carrona.org/drivers/driver.php?id=mbae64.sys
http://www.carrona.org/drivers/driver.php?id=mbamswissarmy.sys
http://www.carrona.org/drivers/driver.php?id=farflt.sys
http://www.carrona.org/drivers/driver.php?id=nvhda64v.sys
http://www.carrona.org/drivers/driver.php?id=mbam.sys
http://www.carrona.org/drivers/driver.php?id=mwac.sys
http://www.carrona.org/drivers/driver.php?id=nvlddmkm.sys
afunix.sys - this driver hasn't been added to the DRT as of this run. Please search Google/Bing for the driver if additional information is needed.
SgrmAgent.sys - this driver hasn't been added to the DRT as of this run. Please search Google/Bing for the driver if additional information is needed.
winquic.sys - this driver hasn't been added to the DRT as of this run. Please search Google/Bing for the driver if additional information is needed.
http://www.carrona.org/drivers/driver.php?id=xusb22.sys

 

Link to post
Share on other sites

Thanks for the quick response. My motherboard has the latest firmware so I can't update that. So I ran memtest86 four times and it passed all test but it gave me a note saying Your RAM may be vulnerable to high frequency row hammer bit flips. However the conditions needed to induce these errors occur only very rarely in normal PC usage, and so this should not be of concern to most users.

I also ran windows update manually and if found a cumulative update for windows. I'm going to wait on doing the rest of the things you suggested after I see if this windows update maybe fixed the problem and there are no more bsods. 

Link to post
Share on other sites

I got another bsod on 3/7/19 so I ran chkdsk /f /r on all my 3 drives and there where no errors except on one where CHKDSK said it discovered free space marked as allocated in the volume bitmap. Windows has made corrections to the file system. No further action is required. I also ran WD drive utilities test on the MY Passport drive it passed those test as well.

I also removed minitool Partition Wizard because it was the latest version and I didn't know where to find a newer driver. I'm updating or removing the drivers and apps one at a time until the problem goes away. I'm leaving the driver verifier for last.

Link to post
Share on other sites

Hi. . .

I am assisting usasma until his eyesight recovers.

I re-ran the original dump and did in fact see the 0x3b bugcheck (system service threw an exception); the exception error code is -

0xc0000094 -   Integer division by zero -- meaning that a variable in ntfs.sys attempted to divide a number by zero, which is illegal.

I assume that ntfs.sys was involved (as was NT - the Windows kernel) because it is the last driver identified on the stack (scroll to right - you'll see ntfs.sys about 3/4 of the way across starting on the 9th line down -

 # Child-SP          RetAddr           : Args to Child                                                           : Call Site
00 fffff108`9bb0e5a8 fffff804`42a60c69 : 00000000`0000003b 00000000`c0000094 fffff809`272f39c0 fffff108`9bb0eee0 : nt!KeBugCheckEx
01 fffff108`9bb0e5b0 fffff804`42a600bc : fffff108`9bb0f698 fffff108`9bb0eee0 fffff108`9bb0f698 00000000`00000000 : nt!KiBugCheckDispatch+0x69
02 fffff108`9bb0e6f0 fffff804`42a57f2f : fffff804`42d7f000 fffff804`4289c000 0005be48`00a6f000 00000000`00000000 : nt!KiSystemServiceHandler+0x7c
03 fffff108`9bb0e730 fffff804`428c2b20 : fffff108`9bb0ed80 00000000`00000000 fffff108`9bb0eca0 fffff804`42c35ce8 : nt!RtlpExecuteHandlerForException+0xf
04 fffff108`9bb0e760 fffff804`42907e74 : fffff108`9bb0f698 fffff108`9bb0f3e0 fffff108`9bb0f698 00000000`000047f0 : nt!RtlDispatchException+0x430
05 fffff108`9bb0eeb0 fffff804`42a60d42 : fffff108`9bb0f880 fffff108`9bb0f6b0 00000000`00000200 fffff108`9bb0f720 : nt!KiDispatchException+0x144
06 fffff108`9bb0f560 fffff804`42a59def : ffffe105`bddb8db0 fffff804`00000000 00000000`00000001 00000000`00000001 : nt!KiExceptionDispatch+0xc2
07 fffff108`9bb0f740 fffff809`272f39c0 : ffffe105`cdbe69a8 ffffe105`bdd6cf70 00000000`00012000 00000000`00000000 : nt!KiDivideErrorFault+0x2ef (TrapFrame @ fffff108`9bb0f740)
08 fffff108`9bb0f8d0 fffff809`272f342e : ffffe105`cdbe69a8 00000000`00000000 fffff108`9bb0fa90 ffff8100`00001000 : Ntfs!NtfsAllocateRecord+0x3e4
09 fffff108`9bb0fa30 fffff809`272f089b : ffffe105`cdbe69a8 ffffe105`bddbb180 ffffe105`c167f010 ffff0000`cdbe69a8 : Ntfs!NtfsAllocateMftRecord+0xba
0a fffff108`9bb0fb10 fffff809`2733097a : 00000000`00000400 00000000`00000008 ffffe105`cdbe69a8 ffffe105`cea05010 : Ntfs!NtfsCreateNewFile+0x7bb
0b fffff108`9bb0fea0 fffff809`27333e1d : ffffe105`cea05010 fffff108`9bb10170 ffffe105`cea05010 00000000`00000000 : Ntfs!NtfsCommonCreate+0x1bfa
0c fffff108`9bb10090 fffff804`429540d9 : ffffe105`bddbb030 ffffe105`cea05010 ffffe105`6d34f000 ffffe105`c04b1550 : Ntfs!NtfsFsdCreate+0x1cd
0d fffff108`9bb102f0 fffff809`26406219 : ffffe105`cea05010 ffffe105`c04b1550 ffffe105`cea057a0 ffffe105`6ff47ab0 : nt!IofCallDriver+0x59
0e fffff108`9bb10330 fffff809`2643d559 : fffff108`9bb103e0 ffffe105`c04b1550 00000000`000000c0 00000000`00000000 : FLTMGR!FltpLegacyProcessingAfterPreCallbacksCompleted+0x289
0f fffff108`9bb103a0 fffff804`429540d9 : ffffe105`c04b1500 ffffe105`cdb61010 00000000`00000000 fffff108`00000030 : FLTMGR!FltpCreate+0x2f9
10 fffff108`9bb10450 fffff804`429554b4 : ffffe105`6d80e470 00000000`00000000 ffffe105`c8b4e6f0 fffff804`42ac49d2 : nt!IofCallDriver+0x59
11 fffff108`9bb10490 fffff804`42f10d92 : 00000000`00000005 ffffe105`cdb61010 00000000`00000005 ffffe105`bdd9c840 : nt!IoCallDriverWithTracing+0x34
12 fffff108`9bb104e0 fffff804`42f35fb9 : ffffe105`bdd9c840 ffffe105`bdd9c800 ffffe105`c167f010 ffff8100`5b5c0b01 : nt!IopParseDevice+0x632
13 fffff108`9bb10650 fffff804`42f345bf : ffffe105`c167f000 fffff108`9bb108b8 ffffe105`00000040 ffffe105`604f3a60 : nt!ObpLookupObjectName+0x719
14 fffff108`9bb10820 fffff804`42e8a924 : 00000000`00000001 00000000`00000000 00000000`00000000 00000000`00000028 : nt!ObOpenObjectByNameEx+0x1df
15 fffff108`9bb10960 fffff804`42e8a509 : 00000069`1ab7d568 00000000`00000000 00000069`1ab7d850 00000069`1ab7d6d0 : nt!IopCreateFile+0x404
16 fffff108`9bb10a00 fffff804`42a60685 : 00000000`00000000 00000069`1ab7d6d0 00000069`1ab7d780 00000000`00000004 : nt!NtCreateFile+0x79
17 fffff108`9bb10a90 00007ffe`01a80114 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x25 (TrapFrame @ fffff108`9bb10b00)
18 00000069`1ab7d4c8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007ffe`01a80114


A stack is read from the bottom --> up

So we see "NT", which is the Windows kernel doing some operations, then we see fltmgr.sys, which is a Microsoft File System Filter Manager driver followed by ntfs.sys, which is a Microsoft NT File System driver then we see "NT" again.

Microsoft drivers are considered sacrosanct and 99.9% of the time are never the cause of a BSOD. When a Microsoft driver is named, unknown hardware failure is the likely cause.

But let's stay with software for the moment and I'd like for you to run Driver Verifier - https://www.sysnative.com/forums/threads/driver-verifier-bsod-related-windows-10-8-1-8-7-vista.29/

Allow Driver Verifier to run in the background (you can continue to use your system), but save work/files very often because if Driver Verifier detects a driver violation, it will BSOD your system immediately.

If you get a VERIFIER_ENABLED BSOD, please get the dump from \windows\minidump (file name = the date); copy it out to Documents or Desktop, zip it up and attach to your next post. Windows will not allow you to zip files in the \windows directory itself.

You mentioned in your last post that you experienced another BSOD. Please get the dump for that BSOD and attach the zip file to your next post.

If easier, you can just re-run the jcgriff2/Sysnative app from step #1 -

 

.... and attach the output zip file like you did in post #1.

Regards. . .

jcgriff2

   
   
Edited by jcgriff2
Link to post
Share on other sites

Turn Driver Verifier off.

The fact that Driver Verifier did not BSOD your system means that more than likely, the cause of your BSODs is unknown hardware failure.

Driver Verifier ran, stress-tested all of your 3rd party drivers and found no problems or issues with them.

Regards. . .

jcgriff2

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.